General
Target: Lethal Company Server Fixer.bat
Size: 482KB
Sample: 240726-p99xhsyhpj
MD5: 8cecf4c9b8653a9885bc14260c674fec
SHA1: 2038ebc58360fad62968f0e3ec7ea4e938384aa5
SHA256: fb02b44b720c9a40344758299c29364fdc86fa685ee5457b2e625ddf528dae28
SHA512: c183f8b6d6f0133f7fa3c378f0bff72880d6f74fff05353d9833d038d88e02aab9b9eb8d007f2d8d76e3d66945cfba7672dc96cd28a5ba9bda026ec62f7bdbb4
SSDEEP: 12288:W6UIUDXaIHSj870S7xNL0bWrTpA43+r+vFf4mSJGKlc:WCUDXRSe0Y9AVKFgmSJGKlc
Static task
static1
Malware Config
Extracted
xworm
hard-tyler.gl.at.ply.gg:27490
Install_directory: %Temp%
install_file: systemprocess.exe
Targets
Target
Lethal Company Server Fixer.bat
- Detect Xworm Payload
- Blocklisted process makes network request
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Adds Run key to start application
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.