General

  • Target

    674498d7efc61696666dfb65f019ef50N.exe

  • Size

    119KB

  • Sample

    240822-r46zsavfnp

  • MD5

    674498d7efc61696666dfb65f019ef50

  • SHA1

    3ab2475c34f51e31defbc87179dccaebea81649b

  • SHA256

    1a0415b183819e7aab0e90aaa797c5dd3538319657d72e7f07eda0bf4fba7022

  • SHA512

    d20a1ae850f9545c49d702cb18fa166e1062e9ee78ddd326242d04db848fd6c3a034fa283e52eba4fd18e90e89944fd21d9606a2e43eee65a07ab763550146a3

  • SSDEEP

    1536:4Cr2lfwjzwGc5eIfwbzhnrSHlsCIOUNrhfSw/joT3/4D:4CrSczcKblrCspOUNrcw7oL8

Score
10/10

Malware Config

Extracted

Family

xworm

C2

176.96.233.233:7432

Attributes
  • install_file

    USB.exe

Targets

    • Target

      674498d7efc61696666dfb65f019ef50N.exe

    Score
    10/10
    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
