General

  • Target

    ytgbhnytgb.exe

  • Size

    60KB

  • Sample

    250301-adt4vsszes

  • MD5

    b03ef605ea9b50de60b20a9b8653aaca

  • SHA1

    6323e1ba2277b24bff5006eb24c0111be401a3b6

  • SHA256

    2654047e3a2be6fe86d10ba58919fd0cc9187268f6aef147750db200f4ceb258

  • SHA512

    96b8cee2cd4acb965a984d507c222576eeb467a61bc04541a94c63e6bcbffd8448dd0c788580f0110a1a32fa89c128cdd9fad10cf89bd966480babf0f1b65085

  • SSDEEP

    1536:DcBuW2ID2gkTZ3/M3O5TunkNFb9jOCVvBY5zGt60OZm2lKy:DSuTIPEJ/j5Tukzb960SGLOZ/Qy

Score
10/10

Malware Config

Extracted

Family

xworm

C2

75.80.209.66:8080

Attributes
  • Install_directory

    %LocalAppData%

  • install_file

    RealtekAudioDG.exe

Targets

    • Target

      ytgbhnytgb.exe

    Score
    10/10

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

    • Xworm family

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
