Resubmissions

18/10/2024, 00:32

241018-avtvesybqp 10

18/10/2024, 00:24

241018-ap6xssveqg 10

General

  • Target

    Xeno-Executor-v1.0.8-main.zip

  • Size

    4.1MB

  • Sample

    241018-ap6xssveqg

  • MD5

    5f092e0d074a1a45f22db0bd55c0931f

  • SHA1

    9294aa768de3f0ef8a6468854e2d118c5a72d6fe

  • SHA256

    5f6b7fac414c602989c14283e4bfd01a9dad04d84d178a4fd108d1e5d133eaf4

  • SHA512

    346eae473dadbd7f05743ea02a49fc4c1fd7a92d8b7e09fa8f8291a5ddf3619e6c0ab1196e4d46a930e54c110abf461966fbf4dae5fff1cf6dfd756b46d2a0a0

  • SSDEEP

    98304:4FP5+BAtOValm08CkdzmbjjgAPd1fJ+BOxbaYZ01dvpbN8:4L+B6O8lmNC4SbjjgM1fJ+S1UlS

Score
10/10

Malware Config

Extracted

Family

xworm

C2

like-minute.gl.at.ply.gg:57419

Attributes

  • Install_directory

    %AppData%

  • install_file

    antivirus.exe

Targets

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

    • Executes dropped EXE

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Matrix

Tasks