General
Target: WizWorm (Modified XWorm).zip
Size: 24.8MB
Sample: 240715-txp4sssbqb
MD5: 32ecce31bdf92872683db61212ff5680
SHA1: 5f6b12892d7e2ef406a890207b0e7cfede5b3c66
SHA256: e38c9eb5ca2d9e9f287e914cc3b6c667cb64aaa4251671e268d741b95da2dd80
SHA512: 8da875b941b937a43b13786179a33e9062742dadc6cebed36a10b4182c5e79074293b09cfe212400eca83c8c08cc5ca3756a48d5f05f606e2cab92a7e6e3c0c7
SSDEEP: 786432:wMzXzpPSOsuxVYWR2LHsdOVGRRCCxbLwjTtDTgV:wMzXzpPSLuv/2LMUURHuTI
Malware Config
Extracted
xworm
auto-london.gl.at.ply.gg:51655
Install_directory: %LocalAppData%
install_file: NigNigRat.exe
Targets
Target: WizWorm (Modified XWorm)/WizWorm.exe
Size: 99KB
MD5: a9b00ac5f9c02e540c61381a5fae62c3
SHA1: 273e272cc73d519c5cba2839de4e6043fd8977b0
SHA256: 3ad4aa1921b844c635bbeef2a492a3d1ff134af6a38a1c31d7d264da3e192a38
SHA512: 924316a6cd0b91617d23010cc031ccbc1a99c4d72f9199fb3215d68ae6ea6cc9c3a4888777bf4c72d920d940e68b828a4ede75c299a5f7b7f804250cea4ae570
SSDEEP: 1536:n1vP5KmktoR0wQNB+QC+ZMh/uFPah6x2C4bFwOL/n6106/Y7FwoOLTrXatVSFayK:VxLCLN06PahfLbFZL/6PWZOL6GPPy
-
Detect Xworm Payload
-
Command and Scripting Interpreter: PowerShell
Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-