General

  • Target

    MasonEmulator.exe

  • Size

    53KB

  • Sample

    250309-nlmlmszzfy

  • MD5

    ed56ada2f3a7512f5afac9c370c92cab

  • SHA1

    cb60213bd1d77e1ecb79f831a20673b72b848d51

  • SHA256

    f6a6b1620c0ba3121772df8922efd7226d4d52099ec2c687d6c8616f70a04745

  • SHA512

    f1d554c6c570c470477098951a6d594e63e3d17eba488261322dc208aaaadf749a46da3cdb6f518da97e480ae6f1273332ec873741d1008a6f07f7f3f3768f60

  • SSDEEP

    1536:EIhEAuLxL6Sbx7likrIbPEK0Aa/ebOsTM:EoEAu9L6+x7lik0bPEK6/ebOb

Score
10/10

Malware Config

Extracted

Family

xworm

Attributes
  • install_file

    USB.exe

Targets

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

    • Xworm family

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
