Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

EC.exe

windows10-2004-x64

10

EC.exe

windows11-21h2-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    EC.exe

  • Size

    606KB

  • Sample

    250309-pxycys1way

  • MD5

    a360792e294edd8b69a58abf9792e0ab

  • SHA1

    92d7bf026f2690e0955ad40a06450478e2a2169f

  • SHA256

    e1969f5cf0a443b9d7416122f6a93da6847abe2a6f098c4088cc93aa0ff54324

  • SHA512

    991fa53dbede43a38acf1d1ddf575add1e26cd78b5ae517ca68148e5f3d8087b0261695744482ba2f6f30fcdad7be6b555bae5ae73ed07f099a55e11bda26cb7

  • SSDEEP

    12288:ylebH7ETMiQU1mTUBF8YcjXuQwYVl6ai/emTUBjO3AWQlOrRFR:ylM7Ezv8YczuQTlFi/eQmO3AGrRFR

Score
10/10
xwormrattrojan

Malware Config

Extracted

Family

xworm

C2

2.58.56.237:53

Attributes
  • Install_directory

    %AppData%

  • install_file

    Svhost.exe

Targets

    • Target

      EC.exe

    • Size

      606KB

    • MD5

      a360792e294edd8b69a58abf9792e0ab

    • SHA1

      92d7bf026f2690e0955ad40a06450478e2a2169f

    • SHA256

      e1969f5cf0a443b9d7416122f6a93da6847abe2a6f098c4088cc93aa0ff54324

    • SHA512

      991fa53dbede43a38acf1d1ddf575add1e26cd78b5ae517ca68148e5f3d8087b0261695744482ba2f6f30fcdad7be6b555bae5ae73ed07f099a55e11bda26cb7

    • SSDEEP

      12288:ylebH7ETMiQU1mTUBF8YcjXuQwYVl6ai/emTUBjO3AWQlOrRFR:ylM7Ezv8YczuQTlFi/eQmO3AGrRFR

    Score
    10/10
    xwormrattrojan

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

      trojanratxworm

    • Xworm family

      xworm

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks