General

  • Target

    Adopt Me Pet Gen (1).exe

  • Size

    1.2MB

  • Sample

    240703-qp1nsaybkf

  • MD5

    f9c02b1fadb6318ea0644429e91bab26

  • SHA1

    6e9602dd27a921a6c87efd452ca33b96be07024b

  • SHA256

    5f90564e4d8c9f2c5a77ffe433d1717a4ede588238e82056cf855db61b5d432c

  • SHA512

    c61a5692fe9a21b34effd7b1a93b9bbc849d58e4aad1cf23cfc5045c44db1135ed8d7e73f8b9c1690caf3e674ba5d2e1fd61d124e00bbcd7b4f2b2b6c7138498

  • SSDEEP

    24576:NB6Zzj8DE+VzvhRpB9A4p3jV9kQCtwoHk/poO5CeJRNcZSNPw:nrhRp7zB9UwoE/pxDcMN

Malware Config

Extracted

Family

xworm

C2

improve-dating.gl.at.ply.gg:14761

wiz.bounceme.net:6000

Attributes
  • Install_directory

    %ProgramData%

aes.plain

Targets

    • Target

      Adopt Me Pet Gen (1).exe

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Run PowerShell and hide display window.

    • Drops startup file

    • Adds Run key to start application
