Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    WizClient.exe

  • Size

    83KB

  • Sample

    241009-ea5teawele

  • MD5

    2c383a77bce8c6283ef976b2a677f0f4

  • SHA1

    5b086390d1add27d44f4a3859b4daaa74af65868

  • SHA256

    21e2e1a1ad225e01e997a3cca99b8d4313ae3b73263adbc9b416193c94a2153a

  • SHA512

    87624bec9d2db6bdf8d876e3d238f8fdb8c707b658b51b3b5877435c632809f8fbf6da0f03dc025031a112308d2a990c7c76f458bdbbfb32949423f25bbf6e16

  • SSDEEP

    1536:X0ixKm49LXmWNbI2jjmhs7y/ZgdtqKz6Y1O27BaDtT:X0iJ4BWSbIwjm0y/crv1O66t

Score
10/10

Malware Config

Extracted

Family

xworm

C2

returns-traveler.gl.at.ply.gg:13452

Attributes
  • Install_directory

    %ProgramData%

  • install_file

    USB.exe

Targets

    • Target

      WizClient.exe

    • Size

      83KB

    • MD5

      2c383a77bce8c6283ef976b2a677f0f4

    • SHA1

      5b086390d1add27d44f4a3859b4daaa74af65868

    • SHA256

      21e2e1a1ad225e01e997a3cca99b8d4313ae3b73263adbc9b416193c94a2153a

    • SHA512

      87624bec9d2db6bdf8d876e3d238f8fdb8c707b658b51b3b5877435c632809f8fbf6da0f03dc025031a112308d2a990c7c76f458bdbbfb32949423f25bbf6e16

    • SSDEEP

      1536:X0ixKm49LXmWNbI2jjmhs7y/ZgdtqKz6Y1O27BaDtT:X0iJ4BWSbIwjm0y/crv1O66t

    Score
    10/10
    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Matrix

Tasks