Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
Target: cvghfy.exe
Size: 246KB
Sample: 241120-j99nvstqcy
MD5: 81803959df039efd73a59e513065ea5c
SHA1: 22328ae1cbf3c7e21b374bfcff7938d3f11f6459
SHA256: 46affe6213f26e1a5446134c994e14d3f3f500e3c88f7867e3102c4b171cead1
SHA512: a01ab581c35a38631e8074d3c6f4412397874b80684374bc5db426de908d84fac98dfd0bfba1c1db5bb8c559fc88f6fac1918ad06b79050b4b5704b973bf53b3
SSDEEP: 6144:CnDuwnNVmnw99r8ehzRij+NNirOyZ13QzGI71wI:CnDpnewrrlNIuN54lQzGI71N
Static task: static1
Behavioral task: behavioral1
Sample: cvghfy.exe
Resource: win7-20240729-en
Malware Config
Extracted
Family: xenorat
C2: 87.120.116.115
Mutex: Xeno_rat_nd8912d
Attributes:
delay: 60000
install_path: temp
port: 1391
startup_name: nothingset (XenoRAT's default placeholder, i.e. no startup entry name was configured)
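The extracted config above is what a responder turns into detection content. The following is an added example, not part of the tria.ge report and not XenoRAT's or tria.ge's own code: it parses the "Malware Config" block exactly as it appears on this page, derives the C2 socket and beacon interval, renders a Suricata rule for the C2 connection, and checks a file's digests against the report's hashes. Assumptions, also marked in the comments: the positional layout (family, C2, mutex after "Extracted") follows tria.ge's xenorat config rendering; "delay" is taken to be XenoRAT's reconnect sleep in milliseconds; "temp" as install_path is taken to mean the user's %TEMP% directory; the rule sid 1000001 is arbitrary.

```python
import hashlib

# Digests transcribed from the "General" section of this report.
REPORT_HASHES = {
    "md5": "81803959df039efd73a59e513065ea5c",
    "sha1": "22328ae1cbf3c7e21b374bfcff7938d3f11f6459",
    "sha256": "46affe6213f26e1a5446134c994e14d3f3f500e3c88f7867e3102c4b171cead1",
    "sha512": "a01ab581c35a38631e8074d3c6f4412397874b80684374bc5db426de908d84fac98dfd0bfba1c1db5bb8c559fc88f6fac1918ad06b79050b4b5704b973bf53b3",
}

# The "Malware Config" block as it is flattened on the page (one token per line,
# "-" separating the attribute pairs).
REPORT_CONFIG = """
Extracted
xenorat
87.120.116.115
Xeno_rat_nd8912d
-
delay
60000
-
install_path
temp
-
port
1391
-
startup_name
nothingset
"""


def parse_xenorat_config(text):
    """Turn the flattened tria.ge config block into a dict."""
    lines = [ln.strip() for ln in text.strip().splitlines() if ln.strip()]
    if not lines or lines[0] != "Extracted":
        raise ValueError("not an 'Extracted' config block")
    # Layout assumption: the three values after "Extracted" are family, C2 host
    # and mutex, in that order; everything after is "-"-separated key/value pairs.
    if len(lines) < 4:
        raise ValueError("config block is missing family/C2/mutex")
    cfg = {"family": lines[1], "c2": lines[2], "mutex": lines[3]}
    rest = [ln for ln in lines[4:] if ln != "-"]
    if len(rest) % 2:
        raise ValueError("dangling attribute name in config block")
    cfg["attributes"] = dict(zip(rest[::2], rest[1::2]))
    return cfg


def c2_endpoint(cfg):
    """(host, port): the port lives in the attributes, not next to the host."""
    return cfg["c2"], int(cfg["attributes"]["port"])


def beacon_interval_seconds(cfg):
    # Assumption: XenoRAT's "delay" is the reconnect sleep in milliseconds.
    return int(cfg["attributes"]["delay"]) / 1000


def install_directory(cfg):
    # Assumption: install_path "temp" means the user's %TEMP%; any other value
    # is returned untouched rather than guessed at.
    value = cfg["attributes"].get("install_path", "")
    return "%TEMP%" if value.lower() == "temp" else value


def suricata_rule(cfg, sid):
    """A Suricata rule for outbound TCP to the configured C2 host and port."""
    host, port = c2_endpoint(cfg)
    return (
        f'alert tcp $HOME_NET any -> {host} {port} '
        f'(msg:"{cfg["family"]} C2 connection (tria.ge extracted config)"; '
        f"flow:to_server,established; sid:{sid}; rev:1;)"
    )


def hash_bytes(data):
    """Compute every digest the report lists, keyed by algorithm name."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORT_HASHES}


def matches_report(data):
    """True only when all four digests match; one mismatch means a different file."""
    return hash_bytes(data) == REPORT_HASHES


if __name__ == "__main__":
    cfg = parse_xenorat_config(REPORT_CONFIG)
    print(cfg)
    print("C2:", c2_endpoint(cfg), "beacon every", beacon_interval_seconds(cfg), "s")
    print("install dir:", install_directory(cfg))
    print(suricata_rule(cfg, 1000001))
```

The rule only covers the C2 from this config; a responder would pair it with the hash set for endpoint sweeps and treat the 60 s reconnect interval (if the delay assumption holds) as the expected beacon cadence when hunting in flow logs.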
Targets
Target: cvghfy.exe (246KB; same MD5/SHA1/SHA256/SHA512/SSDEEP as listed under General above)
Signatures:
Detect XenoRat Payload
Xenorat family
Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
Executes dropped EXE
Loads dropped DLL
Suspicious use of SetThreadContext: rewriting another process's thread context is the pattern seen in process hollowing and similar injection.
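The signatures above are tria.ge's names for behaviours observed in the sandbox. To make concrete what each one corresponds to at the API level, here is an added example that is not part of the report and not tria.ge's signature engine: a small matcher that replays the same five behaviours (geofence registry lookup, dropped-EXE execution, dropped-DLL load, cross-process SetThreadContext, and the connection to the C2 from the extracted config) over a constructed API trace. Assumptions, also marked in the code: the trace format (pid, API name, arguments) is hypothetical; the geofence check is taken to be a read of HKCU\Control Panel\International\Geo\Nation, which is where GetUserGeoID reads the configured country from; the dropped file names dropped.exe and dropped.dll are placeholders, since the report does not name the dropped files; the SetThreadContext rule is a heuristic (only cross-process use is flagged).

```python
from collections import defaultdict

# Assumption: the "Checks computer location settings" signature corresponds to
# reading the user's configured country code from this registry value.
GEO_NATION_KEY = r"HKCU\Control Panel\International\Geo\Nation"
# C2 host and port from the extracted config on this page.
C2 = ("87.120.116.115", 1391)
CREATE_SUSPENDED = 0x4

TEMP = r"C:\Users\Admin\AppData\Local\Temp"
# Constructed trace (hypothetical sandbox API-log shape; file names are placeholders).
TRACE = [
    (1000, "RegQueryValueExW", {"key": GEO_NATION_KEY, "value": "Nation"}),
    (1000, "NtWriteFile", {"path": TEMP + r"\dropped.exe"}),
    (1000, "NtWriteFile", {"path": TEMP + r"\dropped.dll"}),
    (1000, "CreateProcessW", {"image": TEMP + r"\dropped.exe", "flags": CREATE_SUSPENDED, "child_pid": 1100}),
    (1000, "WriteProcessMemory", {"target_pid": 1100}),
    (1000, "SetThreadContext", {"target_pid": 1100}),
    (1000, "NtResumeThread", {"target_pid": 1100}),
    (1100, "LoadLibraryW", {"path": TEMP + r"\dropped.dll"}),
    (1100, "connect", {"ip": "87.120.116.115", "port": 1391}),
]

# A benign-looking trace: SetThreadContext on the caller's own thread, which
# debuggers and exception handlers do legitimately, should not fire.
BENIGN_TRACE = [
    (2000, "SetThreadContext", {"target_pid": 2000}),
    (2000, "connect", {"ip": "93.184.216.34", "port": 443}),
]


def evaluate(trace):
    """Return {signature name: [evidence, ...]} for every rule that fired."""
    dropped = set()  # paths written by a monitored process, normalised
    hits = defaultdict(list)
    for pid, api, a in trace:
        if api.startswith("RegQueryValue") and a.get("key", "").lower() == GEO_NATION_KEY.lower():
            hits["Checks computer location settings"].append(pid)
        elif api == "NtWriteFile":
            dropped.add(a["path"].lower())
        elif api == "CreateProcessW":
            if a["image"].lower() in dropped:
                evidence = a["image"]
                if a.get("flags", 0) & CREATE_SUSPENDED:
                    evidence += " (CREATE_SUSPENDED)"  # hollowing precursor, worth recording
                hits["Executes dropped EXE"].append(evidence)
        elif api == "LoadLibraryW":
            if a["path"].lower() in dropped:
                hits["Loads dropped DLL"].append(a["path"])
        elif api == "SetThreadContext":
            # Heuristic: rewriting a thread in another process is the injection pattern;
            # a process touching its own threads is not flagged.
            if a["target_pid"] != pid:
                hits["Suspicious use of SetThreadContext"].append((pid, a["target_pid"]))
        elif api == "connect":
            if (a["ip"], a["port"]) == C2:
                hits["Connects to XenoRAT C2"].append((pid, a["ip"], a["port"]))
    return dict(hits)


if __name__ == "__main__":
    for name, evidence in evaluate(TRACE).items():
        print(f"{name}: {evidence}")
    print("benign trace:", evaluate(BENIGN_TRACE))
```

The ordering matters: "Executes dropped EXE" and "Loads dropped DLL" only fire for a path that was written earlier in the same trace, which is the property that separates a dropper from a process that merely launches a pre-existing binary.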