Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

VuxaSpoofer.exe

windows11-21h2-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    VuxaSpoofer.exe

  • Size

    3.6MB

  • Sample

    250308-x9y41s1p15

  • MD5

    d4473f64014380bd2f087935d01e4cf4

  • SHA1

    39d009e253008ed76a65c76bcd55010b016638c1

  • SHA256

    7ad235452a11f0343fcf1def524d04800e591b13e40188cc1cf5be37e9628f36

  • SHA512

    27865bf8b587ee2b5da590ff72a510702591e52c2d8e377cf90b44e2a602ae5a6f605231506cbd65b41fa7c28df332e08aeca3fbb6ee0aea9c33540179e3ed34

  • SSDEEP

    98304:GLYNYcvh7hfw9An9todOS5J+ZkvtnpKLiFqI8wM/4v:GLw1hFfwMrQOS5fVnpKGFm/K

Score
10/10
xwormrattrojan

Malware Config

Extracted

Family

xworm

C2

front-cad.gl.at.ply.gg:36514

Attributes
  • Install_directory

    %AppData%

  • install_file

    USB.exe

Targets

    • Target

      VuxaSpoofer.exe

    • Size

      3.6MB

    • MD5

      d4473f64014380bd2f087935d01e4cf4

    • SHA1

      39d009e253008ed76a65c76bcd55010b016638c1

    • SHA256

      7ad235452a11f0343fcf1def524d04800e591b13e40188cc1cf5be37e9628f36

    • SHA512

      27865bf8b587ee2b5da590ff72a510702591e52c2d8e377cf90b44e2a602ae5a6f605231506cbd65b41fa7c28df332e08aeca3fbb6ee0aea9c33540179e3ed34

    • SSDEEP

      98304:GLYNYcvh7hfw9An9todOS5J+ZkvtnpKLiFqI8wM/4v:GLw1hFfwMrQOS5fVnpKGFm/K

    Score
    10/10
    xwormrattrojan

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

      trojanratxworm

    • Xworm family

      xworm

    • Executes dropped EXE

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    behavioral1

MITRE ATT&CK Enterprise v15

Tasks