General

  • Target

    arceus x.exe

  • Size

    10.3MB

  • Sample

    240628-ngp6zazaqq

  • MD5

    380f08da7396daa261f7edabdc161388

  • SHA1

    3622717512e77bb2ea51c9af995fa1c359413d8f

  • SHA256

    2f5ed04a9e2907c09ab4a3d6a984b68976926d2d99f21239bfbe8625b415ccc3

  • SHA512

    f724db6274890b9472067437f69a4d0d01bc4d911a32515d52c502d8524a31c1563641fed55d2021e9853bb2c1618aec24ac23c9f074b7331be4032917598424

  • SSDEEP

    196608:p6iDnLZQi21bRqt9Vs9sMm2agR2wCg6N6FYx1jg+elKIK0G8V1f83:plDLvgbRWs93dW9AFYH8kd0Ge83

Malware Config

Extracted

Family

xworm

Version

5.0

C2

amount-socket.gl.at.ply.gg:29643

Mutex

CBOJbsqFCwukBOQm

Attributes
  • install_file

    USB.exe

aes.plain

Targets

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

    • Command and Scripting Interpreter: PowerShell

      Run PowerShell and hide display window.
