General
- Target: Boostrapper.exe
- Size: 27.6MB
- Sample: 240930-rxgrbavanc
- MD5: 58c1371464d97d7d81cd2befb0591a25
- SHA1: 93e0a424730d228db4cf5a140c131a2368756e9e
- SHA256: d99ad8a5da3079b1993cbe5141081257dc715d0b2c38e7b8a7231fdb0b51b2f1
- SHA512: b71f9d86a120003337e0f45b117fe636a1fe2089b2a5042c10a5ce78a3ec2ced110737ff033c640206ffb6dae7fa8c319052df5fe49ffbe58c607366af1c1346
- SSDEEP: 786432:+hQiXgPQEErUlqsA3XTg52cP57vDACrv3FqbqS:KQE89Ed3XTg5l57v0eqbP
Behavioral task
- behavioral1
- Sample: Boostrapper.exe
- Resource: win7-20240729-en

Malware Config
Extracted: xworm
- 22.ip.gl.ply.gg:55064
- Install_directory: %AppData%
- install_file: Console Windows App.exe
Targets
- Target: Boostrapper.exe
- Size: 27.6MB
- Detect Xworm Payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Executes dropped EXE
- Loads dropped DLL
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Enumerates processes with tasklist