General

  • Target

    sextape.exe

  • Size

    66KB

  • Sample

    240929-vmnnnawdld

  • MD5

    e7193cc5604f34faa83f73fc05b9c005

  • SHA1

    69da6d91173e30bafc8368a1c2135c09ec71a9be

  • SHA256

    1371009bc3d343a4a0ab6762113a0eee6a6b7b6ea39aa3cc4226144da0548427

  • SHA512

    c91904ce0897ddfe20bc0e7474b0630f1556337762c4c6d368d42f2946f98ceae4109c9f5b50566467270011b7f68cf4009085e9b2b746a8e0455fa408b69505

  • SSDEEP

    1536:7J5OnP2gbyDKJWF6C123bT+f1OOxHR3J:7J4PzbyNobaf1OOxHT

Score
10/10

Malware Config

Extracted

Family

xworm

C2

wednesday-knight.gl.at.ply.gg:48312

0xF488F3FA5541d79f0b1945ccA834cD6d939dD864:1

Attributes
  • Install_directory

    %AppData%

  • install_file

    USB.exe

Targets

    • Target

      sextape.exe

    Score
    10/10
    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
