General
- Target: для дискорда подцветка.exe (Russian filename, roughly "highlighting for Discord"; "подцветка" is a misspelling of "подсветка")
- Size: 74KB
- Sample: 240806-f4pvqavckf
- MD5: 1fff6319630c8840455856ccfc3fab6b
- SHA1: 8d23d47c005cb8e59da31d6f5ceacdafda3a2ea3
- SHA256: f58fa175e86798fe2448f5505e6593f4970d584cb6a59c2e35ae3508053f99b5
- SHA512: 32dcf2abef8f015bf9b8dbbbfdeddab47aef4ef062c6e812e83f6e363a701bc2296727f7971c7eebd4cce2023d14f092612ba6a4eaa8c40d0ad841e9d860943b
- SSDEEP: 1536:ZRhuDQx5Y55vNUWmjS9HnxbZgQz6vOcb9XjIdhd:jwsq5v+WNFnxbZmOcbFjqd
Behavioral task
behavioral1
- Sample: для дискорда подцветка.exe
- Resource: win11-20240802-en
Malware Config
Extracted
- Family: xworm
- C2:
  - 127.0.0.1:8848
  - localhost:8848
  - domain-vote.gl.at.ply.gg:8848
- Install_directory: %AppData%
- install_file: XClient.exe
Targets
- Target: для дискорда подцветка.exe
- Size: 74KB
- Hashes: MD5, SHA1, SHA256, SHA512 and SSDEEP are identical to those listed under General above
Score: 10/10
- Detect Xworm Payload
- Command and Scripting Interpreter: PowerShell
  Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
- Drops startup file
- Adds Run key to start application
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
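The extracted config and the behaviours behind the 10/10 score translate directly into hunting rules. The block below is an added example written for this page; it is not part of the tria.ge report or of XWorm itself. It evaluates constructed Sysmon-style telemetry (process, registry, file, DNS and network events plus PowerShell script-block text) against the C2 hosts and port, the `XClient.exe` install file, the SHA256 of this sample, and the Defender-exclusion, Run-key, startup-file and IP-lookup behaviours listed above. The event dictionary shapes, field names and the list of IP lookup services are assumptions for illustration; the report does not name which lookup service the sample used.

```python
"""Hunting logic derived from the tria.ge report on sample 240806-f4pvqavckf (XWorm).

Added example; not part of the tria.ge report or of the XWorm family's code.
Event dict shapes and field names are assumptions for illustration.
"""
import re

# Indicators lifted directly from the report's extracted config and hashes.
C2_HOSTS = {"127.0.0.1", "localhost", "domain-vote.gl.at.ply.gg"}
C2_PORT = 8848
INSTALL_FILE = "XClient.exe"          # install_file from the extracted config
SAMPLE_SHA256 = "f58fa175e86798fe2448f5505e6593f4970d584cb6a59c2e35ae3508053f99b5"

# Behaviour patterns. The Defender-exclusion cmdlet is what the report's
# "Command and Scripting Interpreter: PowerShell" signature describes.
DEFENDER_EXCLUSION = re.compile(r"Add-MpPreference\s+-Exclusion(Path|Extension|Process)\b", re.I)
RUN_KEY = re.compile(r"\\CurrentVersion\\Run\\", re.I)
STARTUP_DIR = re.compile(r"\\Start Menu\\Programs\\Startup\\", re.I)
# Assumption: the report does not name the lookup service; these are common
# ones, kept as a set so an analyst can extend it.
IP_LOOKUP_HOSTS = {"api.ipify.org", "ipinfo.io", "icanhazip.com", "ip-api.com"}


def evaluate(events):
    """Return (rule_name, evidence) pairs for every event that matches a rule."""
    hits = []
    for ev in events:
        kind = ev.get("kind")
        if kind == "scriptblock" and DEFENDER_EXCLUSION.search(ev.get("script", "")):
            hits.append(("defender_exclusion", ev["script"]))
        elif kind == "registry":
            # Run-key persistence pointing at the configured install file.
            if RUN_KEY.search(ev.get("key", "")) and INSTALL_FILE.lower() in ev.get("value", "").lower():
                hits.append(("run_key_persistence", ev["key"]))
        elif kind == "file":
            if STARTUP_DIR.search(ev.get("path", "")):
                hits.append(("startup_file", ev["path"]))
            if ev.get("sha256", "").lower() == SAMPLE_SHA256:
                hits.append(("known_sample_hash", ev["path"]))
        elif kind == "dns":
            q = ev.get("query", "").lower()
            # The configured C2 host is a *.ply.gg tunnel hostname, so any
            # query under that suffix is treated as C2-related.
            if q in C2_HOSTS or q.endswith(".ply.gg"):
                hits.append(("c2_dns", q))
            if q in IP_LOOKUP_HOSTS:
                hits.append(("external_ip_lookup", q))
        elif kind == "netconn":
            if ev.get("port") == C2_PORT:
                hits.append(("c2_port", f"{ev.get('dst')}:{ev['port']}"))
    return hits


def triggered_rules(events):
    """Sorted, de-duplicated rule names; useful for scoring a host."""
    return sorted({name for name, _ in evaluate(events)})


# Constructed telemetry mirroring the report's behaviours (not real logs).
SAMPLE_EVENTS = [
    {"kind": "scriptblock",
     "script": 'Add-MpPreference -ExclusionPath "C:\\Users\\victim\\AppData\\Roaming"'},
    {"kind": "scriptblock",
     "script": 'Add-MpPreference -ExclusionProcess "XClient.exe"'},
    {"kind": "file",
     "path": "C:\\Users\\victim\\AppData\\Roaming\\XClient.exe",
     "sha256": SAMPLE_SHA256},
    {"kind": "registry",
     "key": "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\XClient",
     "value": "C:\\Users\\victim\\AppData\\Roaming\\XClient.exe"},
    {"kind": "file",
     "path": "C:\\Users\\victim\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\XClient.lnk"},
    {"kind": "dns", "query": "domain-vote.gl.at.ply.gg"},
    {"kind": "netconn", "dst": "192.0.2.10", "port": C2_PORT},   # TEST-NET address, constructed
    {"kind": "dns", "query": "api.ipify.org"},
    {"kind": "dns", "query": "www.example.com"},                 # benign noise, should not match
]

if __name__ == "__main__":
    for rule, evidence in evaluate(SAMPLE_EVENTS):
        print(f"{rule:22} {evidence}")
    print("rules:", triggered_rules(SAMPLE_EVENTS))
```

The Run-key rule deliberately requires both the key path and the configured install file name, so a legitimate Run entry does not fire; the DNS rule matches the exact C2 hosts plus the tunnel suffix because the hostname label in front of it is per-tunnel and will differ between samples.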