Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

Discord-To...ed.exe

windows10-ltsc 2021-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Discord-Tool-Updated.exe

  • Size

    32KB

  • Sample

    250228-1whrnazpy5

  • MD5

    db8e8ffce7848a2ace93686705254fb5

  • SHA1

    4d3e1b1be98c9ccec2ac1c8dfc0fadd6ac1ac836

  • SHA256

    42e7824accbcfe9580b953a0d148e900ed9f6a1d350d862e9ca2c907dbdc0b6e

  • SHA512

    4f86fc12cf9392533892ce1d7bee60bd7fef314ba6c5c48a0ae40748e14dd44794606d0375f39ed5a883d5aadeccd1d87caa3b1215496892017d2d804c3d86f2

  • SSDEEP

    384:oYxRXcrP31VZBELRlnvJff3cdiwCYRJpkFTBLToOZwxJd2v99IkuisuVFxOjhAbS:YPjgRpvJ3cdUYGF/9j7OjhAbS

Score
10/10
xwormrattrojan

Malware Config

Extracted

Family

xworm

Version

5.0

Mutex

Ce4ySYnAtrKbWNiJ

Attributes
  • install_file

    USB.exe

  • pastebin_url

    https://pastebin.com/raw/mAVFPFiv

aes.plain

Targets

    • Target

      Discord-Tool-Updated.exe

    • Size

      32KB

    • MD5

      db8e8ffce7848a2ace93686705254fb5

    • SHA1

      4d3e1b1be98c9ccec2ac1c8dfc0fadd6ac1ac836

    • SHA256

      42e7824accbcfe9580b953a0d148e900ed9f6a1d350d862e9ca2c907dbdc0b6e

    • SHA512

      4f86fc12cf9392533892ce1d7bee60bd7fef314ba6c5c48a0ae40748e14dd44794606d0375f39ed5a883d5aadeccd1d87caa3b1215496892017d2d804c3d86f2

    • SSDEEP

      384:oYxRXcrP31VZBELRlnvJff3cdiwCYRJpkFTBLToOZwxJd2v99IkuisuVFxOjhAbS:YPjgRpvJ3cdUYGF/9j7OjhAbS

    Score
    10/10
    xwormrattrojan

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

      trojanratxworm

    • Xworm family

      xworm

    • Legitimate hosting services abused for malware hosting/C2

    behavioral1

MITRE ATT&CK Enterprise v15

Tasks