General
- Target: nelomiasteczny.exe
- Size: 33KB
- Sample: 240827-2lmhjaxapj
- MD5: 5c487f81af703722cda81d5f5510a027
- SHA1: aba146063b22ffed8d20a67f6475c732bb3dc0d3
- SHA256: 41f8ff096c9178a1f5a8a76f64574214a43f30af33571406903f3a9d0dbbea44
- SHA512: 1b9e36000cac0a2b2deb9049ae04778c8b4b9d15b2e3c306542454393af0c461dc95cdc29fc78731343f3bd445bb146a43333135a5ec3f477a1272e11a58d397
- SSDEEP: 384:9l+PkjD9+E5MFs7iui8L7zxM42pfL3iB7OxVqWYRApkFXBLTsOZwpGN2v99IkuiQ:3+CD93W03242JiB706VF49jChOjhsbF
Malware Config
Extracted
- Family: xworm
- Version: 5.0
- lefferek-42016.portmap.host:42016
- bNP6qMPM6Cdrrc5E
- install_file: USB.exe
Targets
- Target: nelomiasteczny.exe
- Size: 33KB
Signatures
- Detect Xworm Payload
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Writes to the Master Boot Record (MBR): bootkits write to the MBR to gain persistence at a level below the operating system.