General

  • Target

    lacks.py.exe

  • Size

    44KB

  • MD5

    c5b1a6040033863fd8bfdd5228e18f52

  • SHA1

    e5d722229b5763e1696c0050c03c1bb3e10a985d

  • SHA256

    fcbd4dea80c08ac6b4a9900063cd99e09d0d0ebd8c1f3121aaccfa0633a40dcc

  • SHA512

    bb8e5e1828fa63ee0180977bd3b2c3eac913545d39f275ae4fdcc8edeabd5b24bfbce6fd66e766b7def9c514f12c5ca7ee4c277d300beba60488733df725f265

  • SSDEEP

    768:c0yUbkms0JqxXAsvf1f3okU2jCp/J7X+F+R9pPb6vOChzbWL6f:c0/bkt0JqhAmfR5U2jG/FOF09Rb6vOCh

Score
10/10

Malware Config

Extracted

  • Family

    xworm

  • Version

    5.0

  • C2

    coming-park.gl.at.ply.gg:2444

  • Mutex

    K7NSFqXjepnC2GKu

Attributes
  • Install_directory

    %AppData%

  • install_file

    USB.exe

aes.plain

Signatures

  • Detect Xworm Payload 1 IoCs
  • Xworm family
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • lacks.py.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744
