General

  • Target

    _xyeta.exe

  • Size

    52KB

  • Sample

    250301-zarxrs1px6

  • MD5

    3af8fbdeade9b46ee66cbefd62a4e410

  • SHA1

    dcc51c89b316815bb1ba8d30517ec3d558e53ac8

  • SHA256

    0f4f7b8e9999abde222d5f8c7915c7767f9b01b513b6287b54c6d77e7d747e59

  • SHA512

    067ab15b036fd74a34eed9791e364e95d1f5ebe1f1f2ec573725c2b94dc8cc74760744e10a13f99bb995ac6d21bb1a41fc1100aeb1e7012904f209908140e084

  • SSDEEP

    1536:N0wAgZI2jZ7Rkwc7ne7Z+5TNJ2gPnf5l:OgZ3ywIek5RJtPnf5l

Malware Config

Extracted

  • Family

    xworm

  • Version

    5.0

  • C2

    like-columns.gl.at.ply.gg:56376

  • Mutex

    nF33ppV8E9KqcE3L

  • Attributes

      • Install_directory

        %AppData%

      • install_file

        WindowsDefender.exe

aes.plain

Targets

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

    • Xworm family

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks