Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
test.exe
-
Size
59KB
-
Sample
250308-yla8qa1xh1
-
MD5
0989805ebfa10a6112b1e19846182c95
-
SHA1
9c101d98d26c6d5e2374e4d8baab393631d358d8
-
SHA256
412621eea530f0835ff50ff44c174b55d45fd36400319b054788920535b7d586
-
SHA512
c96cbc20c5bf93cac574fa6795bc413f7a8e0becab5343bf824819ab9443ae41fd05ec5976ba89888b97aef5e95df561b7f1e57d2251ebb9dfcd5348e044d602
-
SSDEEP
1536:2nF3FOqPlMQvp7eq6IzbhY1iv2n+u65n18ZCOmTzg5:2nFxPqG7YIzby1B+118IOmTU5
Malware Config
Extracted
xworm
3.1
Jameson1312313-53869.portmap.host:53869:8848
-
Install_directory
%AppData%
-
install_file
fortnite.exe
Targets
-
-
Target
test.exe
-
Size
59KB
-
MD5
0989805ebfa10a6112b1e19846182c95
-
SHA1
9c101d98d26c6d5e2374e4d8baab393631d358d8
-
SHA256
412621eea530f0835ff50ff44c174b55d45fd36400319b054788920535b7d586
-
SHA512
c96cbc20c5bf93cac574fa6795bc413f7a8e0becab5343bf824819ab9443ae41fd05ec5976ba89888b97aef5e95df561b7f1e57d2251ebb9dfcd5348e044d602
-
SSDEEP
1536:2nF3FOqPlMQvp7eq6IzbhY1iv2n+u65n18ZCOmTzg5:2nFxPqG7YIzby1B+118IOmTU5
Score10/10-
Detect Xworm Payload
-
Xworm
Xworm is a remote access trojan written in C#.
-
Xworm family
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Adds Run key to start application
-