Resubmissions

08/11/2024, 23:00

241108-2zc61svjdr 10

07/11/2024, 22:05

241107-1zhaasymcw 8

General

  • Target: cmd.exe
  • Size: 17.7MB
  • Sample: 241108-2zc61svjdr
  • MD5: eda1e5e0db3a2b4039541ef092343bc5
  • SHA1: a1e4baf01801b616c57abf1c53194aec548e925e
  • SHA256: 20a2b53fa64b657e9b7ad71389ea2f6062ad5a98d69e77ec6071a573c479f770
  • SHA512: 9379c389ce2f79d345e5f1ac79c281749b74e4d47d9490a2cd6d6f4802e6ffdfa0562f86a2b53b26399502abe20ca3500f1d815e098e4f47307612434b6523b4
  • SSDEEP: 393216:JcofJHb9LhNy9Ihwu1wChdGKw+6j+XIqaEslSzrwy:JlfBb99NyLUP9NTs7y

Malware Config

Targets

    • Target: cmd.exe
    • Size: 17.7MB
    • MD5: eda1e5e0db3a2b4039541ef092343bc5
    • SHA1: a1e4baf01801b616c57abf1c53194aec548e925e
    • SHA256: 20a2b53fa64b657e9b7ad71389ea2f6062ad5a98d69e77ec6071a573c479f770
    • SHA512: 9379c389ce2f79d345e5f1ac79c281749b74e4d47d9490a2cd6d6f4802e6ffdfa0562f86a2b53b26399502abe20ca3500f1d815e098e4f47307612434b6523b4
    • SSDEEP: 393216:JcofJHb9LhNy9Ihwu1wChdGKw+6j+XIqaEslSzrwy:JlfBb99NyLUP9NTs7y

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

    • Xworm family

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Adds Run key to start application

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks