General
Target: Free.bat
Size: 190KB
Sample: 240704-xmhhratdkp
MD5: 6a1fd175668c34faf07a9f82dcd61884
SHA1: b2232ad243c3596bc29716d085a6bc8ba328e12c
SHA256: 1a158ec89f3a579cb370fce8c79de20c4943b84d584ff2f63d476209f3c29873
SHA512: e66d20eb6d80fea715096c073ff41ece7ca243ccc4dd5ccf216261c64147660bcfa780d044f4d9cdcb212ca65c2b4309ab07253cbbbcf8ef90706b03a729a2c3
SSDEEP: 3072:f4UH4Z5TsZPHVN70jXQw0o26RdIrQGgjStDcejhbXvqR61dqWsjocgcsR3gTEcat:fDtVN70cwV2MIlrtD9bXCWqWgocIwbx4
Static task
static1
Malware Config
Extracted
xworm
executive-factory.gl.at.ply.gg:58101
install_file: USB.exe
Targets
Target: Free.bat
Detect Xworm Payload

Command and Scripting Interpreter: PowerShell
Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.

Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.