General
Target: WizClient.exe
Size: 83KB
Sample: 241009-ea5teawele
MD5: 2c383a77bce8c6283ef976b2a677f0f4
SHA1: 5b086390d1add27d44f4a3859b4daaa74af65868
SHA256: 21e2e1a1ad225e01e997a3cca99b8d4313ae3b73263adbc9b416193c94a2153a
SHA512: 87624bec9d2db6bdf8d876e3d238f8fdb8c707b658b51b3b5877435c632809f8fbf6da0f03dc025031a112308d2a990c7c76f458bdbbfb32949423f25bbf6e16
SSDEEP: 1536:X0ixKm49LXmWNbI2jjmhs7y/ZgdtqKz6Y1O27BaDtT:X0iJ4BWSbIwjm0y/crv1O66t
Malware Config
Extracted
xworm
returns-traveler.gl.at.ply.gg:13452
Install_directory: %ProgramData%
install_file: USB.exe
Targets
Target: WizClient.exe
Detect Xworm Payload

Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.