General

  • Target

    xtest432347234723487823489237849.exe

  • Size

    86KB

  • Sample

    250301-dp184aynw5

  • MD5

    88c8473293e013fddbfe052e42931a79

  • SHA1

    1a781e8ab6e32409b67d2b23b84cb35b0f9cf40d

  • SHA256

    248da4211f57435ecad90c298bce0e9de826bf06a6d4ee85ad01944acbc45359

  • SHA512

    83a3ea82228687e409c226501c914f1fdedf40dea79c51502aae281baa8c7bb20acba130034971a52980eeb65b73d690778697ab311963ad9a9444c0da002419

  • SSDEEP

    1536:luSG0pp29H2nVWbq2/rp6LdbimF5mzyER168hOOqgJQe2A4:luSHpI6VWbbQJbimFXIZOOqgJ314

Malware Config

Extracted

Family

xworm

C2

driver-bc.gl.at.ply.gg:34434

Attributes

  • Install_directory

    %AppData%

  • install_file

    USB.exe

Targets

    • Target

      xtest432347234723487823489237849.exe

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

    • Xworm family

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
