Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
Adopt Me Pet Gen (1).exe
-
Size
1.2MB
-
Sample
240703-qp1nsaybkf
-
MD5
f9c02b1fadb6318ea0644429e91bab26
-
SHA1
6e9602dd27a921a6c87efd452ca33b96be07024b
-
SHA256
5f90564e4d8c9f2c5a77ffe433d1717a4ede588238e82056cf855db61b5d432c
-
SHA512
c61a5692fe9a21b34effd7b1a93b9bbc849d58e4aad1cf23cfc5045c44db1135ed8d7e73f8b9c1690caf3e674ba5d2e1fd61d124e00bbcd7b4f2b2b6c7138498
-
SSDEEP
24576:NB6Zzj8DE+VzvhRpB9A4p3jV9kQCtwoHk/poO5CeJRNcZSNPw:nrhRp7zB9UwoE/pxDcMN
Malware Config
Extracted
xworm
improve-dating.gl.at.ply.gg:14761
wiz.bounceme.net:6000
-
Install_directory
%ProgramData%
Targets
-
-
Target
Adopt Me Pet Gen (1).exe
-
Size
1.2MB
-
MD5
f9c02b1fadb6318ea0644429e91bab26
-
SHA1
6e9602dd27a921a6c87efd452ca33b96be07024b
-
SHA256
5f90564e4d8c9f2c5a77ffe433d1717a4ede588238e82056cf855db61b5d432c
-
SHA512
c61a5692fe9a21b34effd7b1a93b9bbc849d58e4aad1cf23cfc5045c44db1135ed8d7e73f8b9c1690caf3e674ba5d2e1fd61d124e00bbcd7b4f2b2b6c7138498
-
SSDEEP
24576:NB6Zzj8DE+VzvhRpB9A4p3jV9kQCtwoHk/poO5CeJRNcZSNPw:nrhRp7zB9UwoE/pxDcMN
Score10/10-
Detect Xworm Payload
-
Xworm
Xworm is a remote access trojan written in C#.
-
Blocklisted process makes network request
-
Command and Scripting Interpreter: PowerShell
Run Powershell and hide display window.
-
Drops startup file
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Execution
Command and Scripting Interpreter
1PowerShell
1Scheduled Task/Job
1Scheduled Task
1Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Scheduled Task/Job
1Scheduled Task
1