General
- Target: WIndows Defender.bat
- Size: 39.9MB
- Sample: 241001-h6s19s1eqc
- MD5: 3156d6e9effa40c04b6a3b8f89ed1472
- SHA1: 638edd578961a417f68819ea4c6a4f1c7c602151
- SHA256: 20f420d2318cf01f592a1c03eeb33dd2b38f25dcb38ab3d83a59f2b45b9675b7
- SHA512: 7a602e20449b02559bfc433d98378f8b340bc13eda179420534129f7f5c526243b5acacbdff9daf30189c7b2837c9495ac82f6a6b6a21cd0750109b8017c59fb
- SSDEEP: 49152:Cczd7kw7OEBLgMR+eFyueZMGiAvMeJJGODaUUxrO5a7DrJ4/GJgl9WNGCtab60uL:C0
Static task
- static1

Malware Config
- Extracted: xworm
- cost-steam.gl.at.ply.gg:56373
- Install_directory: %ProgramData%
- install_file: Helper.exe
Targets
- Target: WIndows Defender.bat
- Size: 39.9MB
- Detect Xworm Payload
- XMRig Miner payload
- Blocklisted process makes network request
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- Drops file in System32 directory
- Suspicious use of SetThreadContext