Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

1

destiny in...er.bat

windows7-x64

8

destiny in...er.bat

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    destinyinstaller.rar

  • Size

    245KB

  • Sample

    250301-wds3fsxnw9

  • MD5

    f2a02223142818274c00db95d80adb36

  • SHA1

    0ec9c39af233b987128c7ea643df3fa19bb9c5af

  • SHA256

    c70ce231f2c492b92157152d8a6138202a162be69fb33bd6e9571f9eaabc1ad3

  • SHA512

    297b9b7de87d5a1c0e60a1aa6f544efc339184f2c345b7bf79a81eb9a406a6a2d8762af147b4b65a569bb04db1da4984fd60fbb6dc6ecb6c1d4dc4e9596972b6

  • SSDEEP

    6144:p6irMjFCkX+Jed1oP4SSZ/VNCaMbtJ8kjY8M:4DdqeMaStfjW

Score
10/10
xwormexecutionrattrojan

Malware Config

Extracted

Family

xworm

Version

5.0

C2

127.0.0.1:7000

Mutex

3axbgW4A6QodtIl7

Attributes
  • Install_directory

    %ProgramData%

  • install_file

    Destiny Installer.exe

aes.plain

Targets

    • Target

      destiny installer/Destiny Installer.bat

    • Size

      327KB

    • MD5

      2ae432966df2247f6019b7f4f92133b5

    • SHA1

      ccffdee15b76f1239ff1552b0b5992b04753096b

    • SHA256

      b7993ee9e7a074d2fd1a39756bf13e276722043be49e932a5c1540cecd7f7a61

    • SHA512

      83b254cbfbaedca5904d761466d638de7b758986f572679cf80c0cafbd20ffd46dc4aa97c04ace4d650ea073a25459cf2d6ef32275e2ca1ce11e0d22fed1a569

    • SSDEEP

      6144:IGuBeLEz1JHrfxWyiFwx5mnJ7x2AxQ4SEqxqH284++gGZzmdH2lXVKwT5gJy9pHC:ItBe6bHVWy7ATxQ49H284+dGZzUH21wd

    Score
    10/10
    executionxwormrattrojan

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

      trojanratxworm

    • Xworm family

      xworm

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Run Powershell and hide display window.

      execution

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks