General

Target: mnjxai.exe
Size: 29KB
Sample: 240828-z4zvgayclj
MD5: f2867efa7b2c31827f4e9d7c7ed5a5e1
SHA1: 412f7653714eab545ed97f27d4af40b8f22d11e5
SHA256: bcca89e8ec351c026bb6650860d4ff0f1ed2bc02ee4874adfa57b1a464ac629b
SHA512: 5dce27f7fad31bd6149022002a81a849f4222b18da1aad4298834aa04514a42a1b9e7c68aa67bf572254ac8db9dfe42d87e551fe32a83d23b8432cf8608ac485
SSDEEP: 384:uzLn3QQwuJ+XJaQaZcxp9tTv1GBHY9VePKE1Fho4HW5431vtVkdrMAwhx0Vo/On9:Kn1wcmBFVQdPKExW54+d5MN/4h5

Static task: static1

Malware Config (extracted)

Family: xworm
Version: 5.0
C2: mode-clusters.gl.at.ply.gg:36304
4ve1OmdqYAgbmjh9
Install_directory: %ProgramData%
install_file: USB.exe
Targets

Target: mnjxai.exe (29KB; same MD5, SHA1, SHA256, SHA512 and SSDEEP values as listed under General)

Signatures

Detect Xworm Payload

Command and Scripting Interpreter: PowerShell
Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.

Drops startup file

Executes dropped EXE

Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP address.