Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
Everything.exe
-
Size
1.1MB
-
Sample
240727-tyxv2axgrm
-
MD5
574e3b1c4f468cf59768cf5ef84aeedc
-
SHA1
ee826303db0bd1c8cdf79095b9297608df2f8891
-
SHA256
f2b7f2e4d4b1e2552c5739f1d790b39a99b0487f2fb0696fb683d4dfc29a913b
-
SHA512
312f4873cd47457e5c422f1a86343d7d91d935074fe8145c8da03a6244e4c36da1e532e38086ecf86f739f4cddeee978825a39af79da1b40c344cda71a64f8be
-
SSDEEP
24576:YP3HZagB7Jn6C5cZiLQ7ZCyEib1GZexgvOxxH8Z3:Yf5aUsZ9sHibODvOx6Z3
Malware Config
Extracted
xworm
rights-refers.gl.at.ply.gg:8848
localhost:8848
127.0.0.1:8848
-
Install_directory
%AppData%
-
install_file
svchost.exe
Targets
-
-
Target
Everything.exe
-
Size
1.1MB
-
MD5
574e3b1c4f468cf59768cf5ef84aeedc
-
SHA1
ee826303db0bd1c8cdf79095b9297608df2f8891
-
SHA256
f2b7f2e4d4b1e2552c5739f1d790b39a99b0487f2fb0696fb683d4dfc29a913b
-
SHA512
312f4873cd47457e5c422f1a86343d7d91d935074fe8145c8da03a6244e4c36da1e532e38086ecf86f739f4cddeee978825a39af79da1b40c344cda71a64f8be
-
SSDEEP
24576:YP3HZagB7Jn6C5cZiLQ7ZCyEib1GZexgvOxxH8Z3:Yf5aUsZ9sHibODvOx6Z3
Score10/10-
Detect Xworm Payload
-
Xworm
Xworm is a remote access trojan written in C#.
-
Drops startup file
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-