Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
KRX.rar
-
Size
19.1MB
-
Sample
241005-max3katfkb
-
MD5
087d5ea15e4c6357da6f9d21596ff7f1
-
SHA1
7498be609ae19ab131d077b2cf242e772b307da7
-
SHA256
a658cb39f6346cb2150f88982501a607d1f01c4f8ffad1a4a0e550693ad21db9
-
SHA512
e0ddae51913209d00a52067771d688dd784851b3d070a7832ccfcf818254067ca2a2e2be31b36f5061373a064d6bc459fb10a4043acffe60c799238f46d98075
-
SSDEEP
393216:VTaDcC6vTMUvKogbcyol858CmhiGk/CJ+WraK29OLRci8Dl1MY5nH:3C6L/NgbP885d8YubSi8Dl2AH
Malware Config
Extracted
xworm
127.0.0.1:56384
22.ip.gl.ply.gg:56384
-
Install_directory
%AppData%
-
install_file
System.exe
Targets
-
-
Target
KRX обновленная версия/Krx Обновленная версия.exe
-
Size
65KB
-
MD5
e7a6ec69e6bed73ec2c858f202679444
-
SHA1
c65b59c8251101b5737bee8ec83737ee43c2c481
-
SHA256
20fbb2958861b7b995343c13b41f6eb058e812463afc080e61af4d317b132223
-
SHA512
426d29fb4b936be161f5da8ed9f625afc7cf9c7c29da3c13c6b681d4fde7c1b8983f16c43d13e4b91547258cf682bf65aeddec2f64bb7b777d8c15b3c408a19b
-
SSDEEP
1536:RfrO2VZW+wFw/G0OpsouwMjW+bY1OIaBl62kvOKCpVd/wQqnF:5rOpwWMK+bYekvOKCbd/vAF
Score10/10-
Detect Xworm Payload
-
Xworm
Xworm is a remote access trojan written in C#.
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Adds Run key to start application
-
-
-
Target
KRX обновленная версия/fastutil-8.5.9.jar
-
Size
22.3MB
-
MD5
a20da3754d5f4b8f297f9274f1843caa
-
SHA1
bb7ea75ecdb216654237830b3a96d87ad91f8cc5
-
SHA256
9578bf2a1700cf20d21746a2ee89e57ba1abbd37fa9feda68ff5e9a28473a7f9
-
SHA512
649bc8676b3327cfd46c6461dde4242848f1afa4ef0fbc719fdab32c4b222e513db72dc4013d9e2a38f30bca33752ee7caeedafed4faa11e28c9492d67c824fb
-
SSDEEP
393216:oxISXki6cwdNlKRhde8ioG24RRU0TA+nw4M4oW2PkLzHhLMRILG0W98Qzqp:oxIkk95K7driod4RX/nR12sjLAuQzY
Score1/10 -