Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
NOTrat.exe
-
Size
263KB
-
Sample
240914-w8seeayfmp
-
MD5
40bef15d7e355d96e8982f1c5f269db1
-
SHA1
1f1718f81ef2aeb00ac062d772ac8eb818152fce
-
SHA256
4a82cea3a78aa450b32194da67f92dd3f57773e12bf4a53ccfa2dcaf0a310d68
-
SHA512
f5aac9923714732e6a5d38ee05467cf0ab159628ea7f6d1bd9831cfafd3dc679bd7169ec831edb731881e05e8a0b9e6668209447a69e547bf0f3dac8634654d7
-
SSDEEP
6144:39AbtRuzzzzdhXV57nWo2RBvQ6VZpZPe:tgehXVdWz2YfU
Behavioral task
behavioral1
Sample
NOTrat.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
NOTrat.exe
Resource
win10v2004-20240802-en
Malware Config
Extracted
xworm
193.161.193.99:5500
127.0.0.1:5500:5500
127.0.0.1:5500
-
Install_directory
%AppData%
-
install_file
ValorantTGB.exe
Targets
-
-
Target
NOTrat.exe
-
Size
263KB
-
MD5
40bef15d7e355d96e8982f1c5f269db1
-
SHA1
1f1718f81ef2aeb00ac062d772ac8eb818152fce
-
SHA256
4a82cea3a78aa450b32194da67f92dd3f57773e12bf4a53ccfa2dcaf0a310d68
-
SHA512
f5aac9923714732e6a5d38ee05467cf0ab159628ea7f6d1bd9831cfafd3dc679bd7169ec831edb731881e05e8a0b9e6668209447a69e547bf0f3dac8634654d7
-
SSDEEP
6144:39AbtRuzzzzdhXV57nWo2RBvQ6VZpZPe:tgehXVdWz2YfU
Score10/10-
Detect Xworm Payload
-
Drops startup file
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-