
General

  • Target

    zzz.exe

  • Size

    41KB

  • Sample

    250228-pw1rpayzfw

  • MD5

    c77e044d2010128f39e4f567d9bde052

  • SHA1

    f1c4a8dbb25047d8c2e7475f79f665b940b81d30

  • SHA256

    934e07956a82c1cbd88446dfbd99690f862e0fe04e5a092006728d88d9f310b0

  • SHA512

    aa3dc90975661420e598c1e12362daa0d87f7d0e3b440ef884cfa5be77016f72db6fe63d77500dea3e77d452727286a5fb459636e4f8894789b7ddaca29b67c8

  • SSDEEP

    768:4OtibI1Zq8l4l9MIpYjrVkQ4yp83ZLsQhJOjMeqO:libRlPp4ZkQ83ZbOgeqO

Score
10/10

Malware Config

Extracted

Family

xworm

C2

mr5sejw9m.localto.net:1417

abolhb.com:5050

Mutex

WoVGMjiiGzPgHifY

Attributes
  • install_file

    USB.exe

  • aes.plain

  • aes.plain
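
The extracted configuration above is what a responder actually hunts on: two C2 endpoints, the mutex the implant creates, and the name it installs itself under. The following matcher is an added example and is not part of the tria.ge report. The C2 entries, mutex, install_file and SHA256 are the values shown on this page; the key=value log format, the field names and the log lines themselves are constructed for the example and are not real telemetry.

```python
"""Matcher for the indicators extracted from this Xworm sample.

Added example; it is not part of the tria.ge report. The C2 entries,
mutex, install_file and SHA256 are the values shown on the page. The log
lines, the log format and the field names are constructed for the
example and are not real telemetry.
"""
import re
from dataclasses import dataclass

# Values from the extracted config and the sample hashes on the page.
XWORM_CONFIG = {
    "family": "xworm",
    "c2": ["mr5sejw9m.localto.net:1417", "abolhb.com:5050"],
    "mutex": "WoVGMjiiGzPgHifY",
    "install_file": "USB.exe",
}
SAMPLE_SHA256 = "934e07956a82c1cbd88446dfbd99690f862e0fe04e5a092006728d88d9f310b0"


@dataclass(frozen=True)
class C2:
    host: str
    port: int


def parse_c2(entry: str) -> C2:
    """Split a 'host:port' config entry and validate the port."""
    host, sep, port = entry.rpartition(":")
    if not sep or not host or not port.isdigit():
        raise ValueError(f"malformed C2 entry: {entry!r}")
    port_num = int(port)
    if not 1 <= port_num <= 65535:
        raise ValueError(f"port out of range: {entry!r}")
    return C2(host.lower(), port_num)


def c2_endpoints(config: dict) -> set:
    """All configured C2 endpoints as a set of C2(host, port)."""
    return {parse_c2(entry) for entry in config["c2"]}


# Constructed key=value log lines (assumed format, not from the report).
SAMPLE_LOGS = [
    "dns query=mr5sejw9m.localto.net src=10.0.0.12",
    "conn host=mr5sejw9m.localto.net dst=203.0.113.5:1417 src=10.0.0.12",
    "conn host=abolhb.com dst=198.51.100.7:5050 src=10.0.0.12",
    "conn host=abolhb.com dst=198.51.100.7:443 src=10.0.0.12",
    "proc image=C:\\Users\\u\\AppData\\Roaming\\USB.exe sha256="
    + SAMPLE_SHA256,
    "mutex name=WoVGMjiiGzPgHifY pid=4412",
    "dns query=www.example.com src=10.0.0.13",
]

KV = re.compile(r"(\w+)=(\S+)")


def match_line(line: str, config: dict, sha256: str) -> list:
    """Return the indicator hits for one log line (empty list if clean)."""
    fields = dict(KV.findall(line))
    endpoints = c2_endpoints(config)
    hosts = {c.host for c in endpoints}
    hits = []

    host = (fields.get("host") or fields.get("query") or "").lower()
    if host in hosts:
        dst = fields.get("dst")
        if dst is None:
            hits.append(f"dns lookup of C2 host {host}")
        else:
            port = int(dst.rpartition(":")[2])
            if C2(host, port) in endpoints:
                hits.append(f"connection to configured C2 {host}:{port}")
            else:
                # Same host on another port: worth a look, but not the
                # configured C2 channel, so flag it with lower confidence.
                hits.append(f"C2 host {host} on unconfigured port {port}")

    # install_file is a bare filename, so compare only the basename.
    image = fields.get("image", "")
    basename = image.replace("\\", "/").rsplit("/", 1)[-1]
    if basename and basename.lower() == config["install_file"].lower():
        hits.append(f"install_file name {basename} executed")

    if fields.get("sha256", "").lower() == sha256.lower():
        hits.append("sample hash executed")

    if fields.get("name") == config["mutex"]:
        hits.append("Xworm mutex created")

    return hits


def scan(lines, config=XWORM_CONFIG, sha256=SAMPLE_SHA256) -> dict:
    """Map line index -> hits for every line that matched an indicator."""
    return {i: hits for i, line in enumerate(lines)
            if (hits := match_line(line, config, sha256))}


if __name__ == "__main__":
    for index, hits in scan(SAMPLE_LOGS).items():
        print(f"line {index}: {'; '.join(hits)}")
```

The host-only match on an unconfigured port is kept deliberately: the configured port is what the sample was built with, but a host reached on another port still deserves a look, and the two cases should carry different confidence in whatever alerting sits behind this. The install_file name USB.exe is a weak indicator on its own and is only meaningful in combination with the hash, the mutex or the C2 traffic.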

Targets

    • Target

      zzz.exe

    Score
    10/10
    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

    • Xworm family

    • Legitimate hosting services abused for malware hosting/C2
