General

  • Target

    ModifiedInjectedScript.ps1

  • Size

    245KB

  • Sample

    240908-wy2kbszfmq

  • MD5

    fbd0c3840741789fbd9134bc238ef0bf

  • SHA1

    484099f778d8e06fc7c85dd07722ce6a66e5263c

  • SHA256

    f0a686f2fa59128abb1a1864a35ca6eddb07e907f342e7e242cdd97be8ab9d1a

  • SHA512

    b521579d79ca422fb001ec5bf659fd46db100513c6f01a13eb0dba972f2abe737772e2934805920e56aa2f9bbc1efedbcd3e9da160c869cc97f63b46a2a32429

  • SSDEEP

    1536:CBLDlZMXoSumX+Kh2g5Im01XS76UgWYtvEdoSmNHfmZ26zgEPGtkkhZlNkTD5lUc:CNxvXQP2l80c6MJZs5clpY9GmOPdJ

Malware Config

Extracted

Family

xworm

C2

super-nearest.gl.at.ply.gg:17835

Attributes
  • install_file

    USB.exe

Targets

    • Target

      ModifiedInjectedScript.ps1

    • Size

      245KB

    • MD5

      fbd0c3840741789fbd9134bc238ef0bf

    • SHA1

      484099f778d8e06fc7c85dd07722ce6a66e5263c

    • SHA256

      f0a686f2fa59128abb1a1864a35ca6eddb07e907f342e7e242cdd97be8ab9d1a

    • SHA512

      b521579d79ca422fb001ec5bf659fd46db100513c6f01a13eb0dba972f2abe737772e2934805920e56aa2f9bbc1efedbcd3e9da160c869cc97f63b46a2a32429

    • SSDEEP

      1536:CBLDlZMXoSumX+Kh2g5Im01XS76UgWYtvEdoSmNHfmZ26zgEPGtkkhZlNkTD5lUc:CNxvXQP2l80c6MJZs5clpY9GmOPdJ

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

    • Command and Scripting Interpreter: PowerShell

      The sample is executed through the powershell.exe command interpreter.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
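The config and signature sections above supply the indicators an analyst would hunt with: the C2 host and port, the install filename, the file hashes, and execution through powershell.exe. The following Python is an added example, not part of the Triage report or of XWorm, that collects those indicators and applies them both to file contents and to a few constructed key=value telemetry lines. The log format, field names (event, image, dest, dport, query, cmdline) and the sample lines are assumptions made for illustration.

```python
"""IOC matcher built from the XWorm report above (added example, not Triage output)."""
import hashlib
import re

# Indicators copied from the report.
IOC_HASHES = {
    "fbd0c3840741789fbd9134bc238ef0bf",                                   # MD5
    "484099f778d8e06fc7c85dd07722ce6a66e5263c",                           # SHA1
    "f0a686f2fa59128abb1a1864a35ca6eddb07e907f342e7e242cdd97be8ab9d1a",  # SHA256
}
C2_HOST = "super-nearest.gl.at.ply.gg"
C2_PORT = 17835
INSTALL_FILE = "usb.exe"                    # install_file attribute, matched case-insensitively
TARGET_SCRIPT = "modifiedinjectedscript.ps1"  # the analysed target, matched case-insensitively


def hash_matches(data: bytes) -> dict:
    """Return, per algorithm, whether the digest of `data` is one of the report's hashes."""
    digests = {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }
    return {algo: digest in IOC_HASHES for algo, digest in digests.items()}


def is_known_sample(data: bytes) -> bool:
    return any(hash_matches(data).values())


# Constructed, Sysmon-like key=value telemetry. Assumed format and paths, not from the report.
SAMPLE_LOG = [
    r'2024-09-08T12:00:01Z event=NetworkConnect image=C:\Users\v\AppData\Roaming\USB.exe dest=super-nearest.gl.at.ply.gg dport=17835',
    r'2024-09-08T12:00:02Z event=NetworkConnect image=C:\Windows\System32\svchost.exe dest=telemetry.example.com dport=443',
    r'2024-09-08T12:00:03Z event=ProcessCreate image=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe cmdline="powershell.exe -ExecutionPolicy Bypass -File ModifiedInjectedScript.ps1"',
    r'2024-09-08T12:00:04Z event=DnsQuery image=C:\Users\v\AppData\Roaming\USB.exe query=super-nearest.gl.at.ply.gg',
]

# key=value or key="quoted value with spaces"
_KV = re.compile(r'(\w+)=("([^"]*)"|(\S+))')


def parse_event(line: str) -> dict:
    """Split one telemetry line into a dict; the first token is taken as the timestamp."""
    fields = {"timestamp": line.split(" ", 1)[0]}
    for m in _KV.finditer(line):
        fields[m.group(1)] = m.group(3) if m.group(3) is not None else m.group(4)
    return fields


def _basename(path: str) -> str:
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def match_event(ev: dict) -> list:
    """Return the names of the report-derived rules that fire on one parsed event."""
    rules = []
    image = _basename(ev.get("image", ""))
    if image == INSTALL_FILE:
        rules.append("install_file")
    # Either a connection (dest) or a DNS lookup (query) of the C2 host counts; the
    # port is recorded in the event but the hostname alone is the indicator.
    host = (ev.get("dest") or ev.get("query") or "").lower()
    if host == C2_HOST:
        rules.append("c2_contact")
    if image == "powershell.exe" and TARGET_SCRIPT in ev.get("cmdline", "").lower():
        rules.append("powershell_target")
    return rules


def scan_logs(lines) -> list:
    """Run every line through the rules and return the events that matched."""
    hits = []
    for line in lines:
        ev = parse_event(line)
        rules = match_event(ev)
        if rules:
            hits.append({"timestamp": ev["timestamp"], "event": ev.get("event"), "rules": rules})
    return hits


if __name__ == "__main__":
    for hit in scan_logs(SAMPLE_LOG):
        print(hit["timestamp"], hit["event"], ", ".join(hit["rules"]))
```

Hash matching only identifies this exact file; the C2 hostname and the USB.exe install name are the indicators that survive trivial recompilation of the payload, so they are the ones worth pushing into DNS and process-creation telemetry.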

MITRE ATT&CK Enterprise v15

Tasks