General

  • Target

    neverlose crack by waite.exe

  • Size

    17.8MB

  • Sample

    250301-j43clawqv3

  • MD5

    328a0860e1f40bc15be694a240b21348

  • SHA1

    a215baba2d1c8b3ccd8330eb7803483597067b58

  • SHA256

    351dd177e0a45db020ef0adc9cf1e31e74357c955107ca608edb07b9817353a1

  • SHA512

    4c4752697ca93b5dc28c60ff3c32f3fcb7f77b05e2d5c8e3f4ca1f1bdbe06dd8af385aafd17e450290f02944f875855a4a4d976b0a34653f9aba221ae935d542

  • SSDEEP

    1536:KqGrHEv1Om9VnhVlvIlBSPAeDbTvREEwhkDfFq6MzOFfs4ZKIhB4Yiw:LG7YBfhVV9AsbTvuvhkDgOFfk8B+w

Score
10/10

Malware Config

Extracted

Family

xworm

C2

very-stars.gl.at.ply.gg:23028

Attributes
  • Install_directory

    %ProgramData%

  • install_file

    system64.exe

  • telegram

    https://api.telegram.org/bot7592133817:AAFoMe-c16pn4My7-EODEINEZeWZ2Milavo/sendMessage?chat_id=6723354517

Targets

    • Target

      neverlose crack by waite.exe

    Score
    10/10
    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

    • Xworm family

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
