General
-
Target
svchost.bat
-
Size
287KB
-
Sample
240704-tl758s1dna
-
MD5
9be1452fccb6a9ca2b3e28b89d0c879e
-
SHA1
8fe95b338be85b1ceac233a51abf3c59890741a7
-
SHA256
fa57646f828af97268c76a06db56ef3c7dbc6c87d8b3a49579783b346c1ef6b6
-
SHA512
f2376350ff5e8b5c405c3e48370a22d140249c77a3c5b69f88e55c87f5f643f501a95f1dcf3e361619562ca4fdefa403caed95cb26bb6250c4a62a270803474f
-
SSDEEP
6144:eIAZ2ZdcY5dv7vuw8UD2CmmrVKsQ7p/0FD+Q7b7QatJqYS:eIAZWcGv7N8UDa+VK790FqQTQc3S
Static task
static1
Behavioral task
behavioral1
Sample
svchost.bat
Resource
win11-20240508-en
Malware Config
Extracted
xworm
session-chief.gl.at.ply.gg:36125
-
Install_directory
%LocalAppData%
-
install_file
svchost.exe
Targets
-
-
Target
svchost.bat
-
Score
10/10
-
Detect Xworm Payload
-
Blocklisted process makes network request
-
Drops startup file
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-