General

  • Target

    SolaraExecutor.exe

  • Size

    332KB

  • Sample

    250309-pl1c6s1tfz

  • MD5

    bc24fa47ce8a3cc610815ead257083a9

  • SHA1

    cac1b95cd01cdf9e5df3152aacb70a4ebbc0e614

  • SHA256

    36f0ee74a035c4f57825d0032802971e5a09b79e7e6eed92521b5af93277025d

  • SHA512

    4bc7f17a381a8995c660223dc315411d240493bdbcaabbd426b0f78e3c28ef7fc89a5d02dcf46e87e6ef7a3fc3647e8e4f29dd1bab84408718d12d0046c371ed

  • SSDEEP

    6144:dTRmMwn7bMPl/ioSsPTy3gJckDCO5+Pl+bs:dTRmMw8NzSsPTywWQ+Ples

Score
10/10

Malware Config

Extracted

Family

xworm

C2

127.0.0.1:2277

192.168.1.62:2277

80.46.100.166:2277

Attributes

  • Install_directory

    %AppData%

  • install_file

    Realtek Host Proccesser.exe

Targets

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

    • Xworm family

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
