Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
setup.exe
-
Size
356KB
-
Sample
240710-1d6qrs1dpm
-
MD5
5783316be9eff4cebc0fedee80500e9d
-
SHA1
61b5d82d9da372c011ae2bbe050ecc47cd8a7da5
-
SHA256
a3959e3a8458fe1a3530b5866f7e970700cf156fc0b5f7ff015313fe62c984a5
-
SHA512
53c3f6768358f19bcdce131d050685f3bfc260a96fbc8963390361942c524456b286efb3b2af0c612e36f76d9e1e51aa28f9b81c09d58bb15e60109a63c52513
-
SSDEEP
6144:EhEN7+GRIGuXQs3frbL7rbL7rbL7rWG2mWG2mWG2mWG2mJ5pZJ5pZJ5pZJ7p0yNI:EG7dy90hSyWoYchYlVgFDuy+6
Malware Config
Extracted
xworm
127.0.0.1:48802
those-situation.gl.at.ply.gg:48802
-
Install_directory
%AppData%
-
install_file
x4host.exe
Targets
-
-
Target
setup.exe
-
Size
356KB
-
MD5
5783316be9eff4cebc0fedee80500e9d
-
SHA1
61b5d82d9da372c011ae2bbe050ecc47cd8a7da5
-
SHA256
a3959e3a8458fe1a3530b5866f7e970700cf156fc0b5f7ff015313fe62c984a5
-
SHA512
53c3f6768358f19bcdce131d050685f3bfc260a96fbc8963390361942c524456b286efb3b2af0c612e36f76d9e1e51aa28f9b81c09d58bb15e60109a63c52513
-
SSDEEP
6144:EhEN7+GRIGuXQs3frbL7rbL7rbL7rWG2mWG2mWG2mWG2mJ5pZJ5pZJ5pZJ7p0yNI:EG7dy90hSyWoYchYlVgFDuy+6
Score10/10-
Detect Xworm Payload
-
Xworm
Xworm is a remote access trojan written in C#.
-
Blocklisted process makes network request
-
Command and Scripting Interpreter: PowerShell
Run Powershell and hide display window.
-
Drops startup file
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-