Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

CleanCloner.exe

windows11-21h2-x64

Sharing

Copy URL
Twitter E-mail

General

  • Target

    CleanCloner.exe

  • Size

    16.3MB

  • Sample

    250308-2y4mkstnv7

  • MD5

    e6ee0a54c4e9351983193e5944b66344

  • SHA1

    e182fce1c3e548d69a15d16edacfce95f1e33ae9

  • SHA256

    7beff8e3153ee395fec616046f0c39dff785a6b5a0762a8639756925c6aec5ab

  • SHA512

    4a8c99b1c00957771f64b01d73daebd5e0d61d5bd786d5141ef39e08bb40e35dfa2f525e970c98085d1ae0f5a66645f6e78ab02e75299ebef60a486fba8700b9

  • SSDEEP

    393216:vmer0QDwxpUTLfhJD1+TtIiFoY9Z8D8CclGm3rcrzTjtFCYhuLxkK:v9E7UTLJF1QtI3a8DZc0IraUSK

Score
10/10
xwormexecutionpyinstallerrattrojan

Malware Config

Extracted

Family

xworm

Version

5.0

C2

meowycatty.ddns.net:8843

Mutex

0E4VwJ2aWKHLu9kc

Attributes
  • install_file

    USB.exe

aes.plain

Targets

    • Target

      CleanCloner.exe

    • Size

      16.3MB

    • MD5

      e6ee0a54c4e9351983193e5944b66344

    • SHA1

      e182fce1c3e548d69a15d16edacfce95f1e33ae9

    • SHA256

      7beff8e3153ee395fec616046f0c39dff785a6b5a0762a8639756925c6aec5ab

    • SHA512

      4a8c99b1c00957771f64b01d73daebd5e0d61d5bd786d5141ef39e08bb40e35dfa2f525e970c98085d1ae0f5a66645f6e78ab02e75299ebef60a486fba8700b9

    • SSDEEP

      393216:vmer0QDwxpUTLfhJD1+TtIiFoY9Z8D8CclGm3rcrzTjtFCYhuLxkK:v9E7UTLJF1QtI3a8DZc0IraUSK

    Score
    10/10
    xwormexecutionrattrojan

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

      trojanratxworm

    • Xworm family

      xworm

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Run Powershell and hide display window.

      execution

    • Loads dropped DLL

    behavioral1

MITRE ATT&CK Enterprise v15

Tasks