General

  • Target

    xwormport.exe

  • Size

    80KB

  • Sample

    241009-t9w3watdjg

  • MD5

    8b6c64186bf08072e4204ec3bde4147c

  • SHA1

    8381d71213c367c4dab4fbf9b33e081e339ad215

  • SHA256

    8950ce8d0d34da93e1540029b4ff17f127b8619dea6f0e5c90a0d9a78368f52a

  • SHA512

    fbc3b75b348f5345f1534f6e740fd696b85c4f2a4f88a616af52fd6d7ccb7b13b0427c0d5e0e7626d0561cba534c5792f54e00f24cc1fd97f7f3ce9ec11e1404

  • SSDEEP

    1536:+VNL/GiQfNlMYojPrZeHdD+8VKjuM4UKbdqmkmuH5f6Yf/JTOjaeKLz4:MNiiOPMXjPrZoD7Kju9UKbdSZRfxTOjx

Score
10/10

Malware Config

Extracted

Family

xworm

C2

MadeInMood1-40937.portmap.host:40937

Attributes
  • Install_directory

    %AppData%

  • install_file

    XClient.exe

  • telegram

    https://api.telegram.org/bot7375237961:AAFlPWXmEriRUUWDWeG1DeZifKaAFaWD10Q/sendMessage?chat_id=7534517325

Targets

    • Target

      xwormport.exe

    • Size

      80KB

    Score
    10/10
    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
