General

  • Target

    2FEZ4_WindowsApp1.exe

  • Size

    417KB

  • Sample

    250228-2b7eys1pv4

  • MD5

    e039c59410e9cbba059a36f31b4b7c53

  • SHA1

    b0371be344811b418d30c8baabe7cd8dc9e23fcd

  • SHA256

    4c7fece52c1341f3af5ff77e865bea333a720479238e06f48f28b1db5107d76d

  • SHA512

    2d82ae0239e20e9278b116750ee2d09f80a3eb878aaf5d0dd03d574707cbf4789b63e141d52d19554f15dc84a94f652caa0753c803d19e0b7cb6317c40a75057

  • SSDEEP

    12288:+JS+6RCreqc4vvqjN4L2MXCB0TFAWjLzF:+jsCrehIvX2M5T2W

Score
10/10

Malware Config

Extracted

Family

xworm

Version

5.0

C2

paul-nw.gl.at.ply.gg:51413

Mutex

AVvzTAnLyW8qQCcO

Attributes

  • Install_directory

    %AppData%

  • install_file

    kev.exe

  • aes.plain

Targets

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

    • Xworm family

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
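The extracted configuration above gives everything needed to hunt for this build on other hosts. The following is an added example, not part of the tria.ge report and not XWorm's own code: a small Python matcher that turns the report's indicators (SHA256, C2 host and port, mutex, the %AppData%\kev.exe install path) into checks run over Sysmon-style telemetry. The event records and their field names (type, image, sha256, dest_host, dest_port, mutex) are constructed for illustration. The external-IP lookup is left out because the report does not name the service, and the %AppData% path is matched for any user profile, since the sandbox only expands it for one.

```python
"""Hunt for the indicators in this tria.ge XWorm report across host telemetry.

Added example, not part of the tria.ge report or of XWorm's own code. The
event records below are constructed for illustration; only the indicator
values (hash, C2, mutex, install path) come from the report.
"""
import re

# Indicators taken verbatim from the report.
SAMPLE_SHA256 = "4c7fece52c1341f3af5ff77e865bea333a720479238e06f48f28b1db5107d76d"
C2_HOST, C2_PORT = "paul-nw.gl.at.ply.gg", 51413
MUTEX = "AVvzTAnLyW8qQCcO"
INSTALL_FILE = "kev.exe"

# %AppData% expands per user, so match any profile path ending in
# \AppData\Roaming\kev.exe (Windows paths are case-insensitive).
INSTALL_PATH_RE = re.compile(
    r"^[a-z]:\\users\\[^\\]+\\appdata\\roaming\\" + re.escape(INSTALL_FILE) + r"$",
    re.IGNORECASE,
)


def match_event(event: dict) -> list[str]:
    """Return the names of the report indicators that this telemetry event hits.

    `event` is a flat dict in a Sysmon-like shape (assumed field names: type,
    image, sha256, dest_host, dest_port, mutex). Several indicators can fire on
    one event, e.g. a process-creation record carrying both path and hash.
    """
    hits: list[str] = []
    kind = event.get("type")
    if kind == "process_create":
        if event.get("sha256", "").lower() == SAMPLE_SHA256:
            hits.append("sha256:dropper")
        if INSTALL_PATH_RE.match(event.get("image", "")):
            hits.append("path:install_file")
    elif kind == "network_connect":
        # Normalise case and a trailing dot from DNS-style names before comparing.
        host = event.get("dest_host", "").lower().rstrip(".")
        if host == C2_HOST:
            hits.append("c2:host")
            if event.get("dest_port") == C2_PORT:
                hits.append("c2:host_port")
    elif kind == "mutex_create":
        if event.get("mutex") == MUTEX:
            hits.append("mutex:xworm_config")
    return hits


def hunt(events: list[dict]) -> dict[int, list[str]]:
    """Map event id -> indicator hits, dropping events with no hits."""
    results: dict[int, list[str]] = {}
    for ev in events:
        hits = match_event(ev)
        if hits:
            results[ev["id"]] = hits
    return results


def distinct_indicator_classes(results: dict[int, list[str]]) -> set[str]:
    """Indicator classes (the part before ':') seen across all hits. A host that
    shows hash, install path, mutex and C2 together is a far stronger verdict
    than any one of them alone."""
    return {h.split(":")[0] for hits in results.values() for h in hits}


# Constructed telemetry: one infected host plus two benign records (4 and 6).
CONSTRUCTED_EVENTS = [
    {"id": 1, "type": "process_create",
     "image": r"C:\Users\alice\Downloads\2FEZ4_WindowsApp1.exe", "sha256": SAMPLE_SHA256},
    {"id": 2, "type": "process_create",
     "image": r"C:\Users\alice\AppData\Roaming\kev.exe"},
    {"id": 3, "type": "mutex_create", "mutex": MUTEX},
    {"id": 4, "type": "network_connect", "dest_host": "benign.example.com", "dest_port": 443},
    {"id": 5, "type": "network_connect", "dest_host": "paul-nw.gl.at.ply.gg", "dest_port": 51413},
    {"id": 6, "type": "process_create",
     "image": r"C:\Windows\System32\notepad.exe", "sha256": "00" * 32},
]

if __name__ == "__main__":
    res = hunt(CONSTRUCTED_EVENTS)
    for eid, hits in res.items():
        print(eid, hits)
    print("classes:", sorted(distinct_indicator_classes(res)))
```

The hash only catches this exact binary, and the C2 is a *.ply.gg tunnel endpoint (the playit.gg tunnelling service), so the hostname can be rotated without touching the build; the mutex and the %AppData%\kev.exe install path are the indicators most likely to survive a repack of this configuration.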
