General

  • Target

    d31a3f866a44b8b61d16a898e073fdd05880eb3eeec85c8ec112be7d4f7538a5.exe

  • Size

    70KB

  • Sample

    250228-efn3vazvcz

  • MD5

    75a8d8d3bd1b7c5a660d855b2eba9633

  • SHA1

    fbdf375f67587a17a54ccab58e60c417d421494f

  • SHA256

    d31a3f866a44b8b61d16a898e073fdd05880eb3eeec85c8ec112be7d4f7538a5

  • SHA512

    536637ba7dfdf0a5f21e7d5940748b41f60a75a876474ca0c74e4c6e5d313a29ac22aaf8ca3bbff9f53607c212e45f5386da6652619acd93a427a64d2a29f730

  • SSDEEP

    1536:2pwHU7wcy/A0dRtbhpPy5nF/4Hn6Kq23TOC8KTNsc:SwHUkd1dDbhpPy56PTOCXTmc

Score
10/10

Malware Config

Extracted

Family

xworm

C2

127.0.0.1:4782

stains-38249.portmap.host:4782

Attributes

  • Install_directory

    %AppData%

  • install_file

    USB.exe

Targets

    Score
    10/10

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

    • Xworm family

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Matrix

Tasks