General

  • Target

    test.exe

  • Size

    89KB

  • Sample

    250309-wwjxhaxmy5

  • MD5

    4abfe31f2da3f0bc602decaaac08b0c9

  • SHA1

    afff96b07c5e37c801b411ede860df94037573ef

  • SHA256

    370cc36b27a50f6e31221b7124845b1e56376d7d3e9ed1e6c6ba40d3fabcf240

  • SHA512

    dfadc09da95d07917717adc086cb400eb9398c2e280368edbeaeea02603447639e3317a8851eb6600fcf18b968e34903cc6eee4a7e0c1774f57cadd62abac772

  • SSDEEP

    1536:49DnrYF3GJ8jDAj0MiMjObqLfxMbYI/1178G/86l0FK/kgO27GT9+a9:wDcuGwPCOmbYq11wq0FK8gO2yT9Z

Malware Config

Extracted

Family

xworm

C2

argusishere.ddns.net:7000

Attributes
  • Install_directory

    %LocalAppData%

  • install_file

    XClient.exe

  • telegram

    https://api.telegram.org/bot7694483961:AAGV-uQ7kaA3loPg-x8TWOxIfs3Vo3BN8Bk/sendMessage?chat_id=8146690782
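The extracted configuration above contains everything needed to hunt for this sample in host and network telemetry: a C2 host and port, an install path under %LocalAppData%, and a Telegram Bot API URL used as a notification channel. The following Python is an added example (not code from tria.ge or from the sample) that turns those attributes into indicators and applies them to a few constructed telemetry events. It assumes that %LocalAppData% expands to C:\Users\<user>\AppData\Local and that the telemetry fields (`query`, `dst_host`, `dst_port`, `host`, `url`, `path`) are as shown; the sample events are invented for illustration and do not come from the sandbox run.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Values copied from the "Extracted" config on this page.
XWORM_CONFIG = {
    "family": "xworm",
    "c2": "argusishere.ddns.net:7000",
    "install_directory": "%LocalAppData%",
    "install_file": "XClient.exe",
    "telegram": ("https://api.telegram.org/bot7694483961:AAGV-uQ7kaA3loPg-x8TWOxIfs3Vo3BN8Bk"
                 "/sendMessage?chat_id=8146690782"),
}


def parse_telegram_url(url):
    """Split a Telegram Bot API URL into bot id, token, method and chat_id.

    Returns None if the URL is not a Bot API call. The token is the operator's
    credential: use the numeric bot id as the indicator and keep the token out
    of shared hunt queries and tickets.
    """
    parts = urlsplit(url)
    m = re.fullmatch(r"/bot(\d+):([A-Za-z0-9_-]+)/(\w+)", parts.path)
    if parts.hostname != "api.telegram.org" or not m:
        return None
    chat_id = parse_qs(parts.query).get("chat_id", [None])[0]
    return {"bot_id": m.group(1), "token": m.group(2),
            "method": m.group(3), "chat_id": chat_id}


def build_indicators(cfg):
    """Derive hunt-ready indicators from the extracted config."""
    host, _, port = cfg["c2"].rpartition(":")
    tg = parse_telegram_url(cfg["telegram"])
    # Assumption: %LocalAppData% expands to C:\Users\<user>\AppData\Local, so
    # match on the path suffix and the user name does not matter.
    install_suffix = "\\appdata\\local\\" + cfg["install_file"].lower()
    return {
        "c2_host": host.lower(),
        "c2_port": int(port),
        "install_suffix": install_suffix,
        "telegram_bot_id": tg["bot_id"] if tg else None,
        "telegram_chat_id": tg["chat_id"] if tg else None,
    }


# Constructed telemetry for illustration only; not from the sandbox run.
SAMPLE_EVENTS = [
    {"type": "dns", "query": "ARGUSISHERE.ddns.net"},
    {"type": "dns", "query": "update.example.com"},
    {"type": "net", "dst_host": "argusishere.ddns.net", "dst_port": 7000},
    {"type": "net", "dst_host": "argusishere.ddns.net", "dst_port": 443},
    {"type": "http", "host": "api.telegram.org",
     "url": "/bot7694483961:REDACTED/sendMessage?chat_id=8146690782"},
    {"type": "file", "path": r"C:\Users\alice\AppData\Local\XClient.exe"},
    {"type": "file", "path": r"C:\Program Files\Vendor\XClient.exe"},
]


def hunt(events, ioc):
    """Return (event index, reason) for every event that matches an indicator."""
    hits = []
    for i, ev in enumerate(events):
        t = ev["type"]
        if t == "dns" and ev["query"].lower().rstrip(".") == ioc["c2_host"]:
            hits.append((i, "DNS query for C2 host"))
        elif (t == "net" and ev["dst_host"].lower() == ioc["c2_host"]
              and ev["dst_port"] == ioc["c2_port"]):
            hits.append((i, "connection to C2 host:port"))
        elif (t == "http" and ev["host"] == "api.telegram.org"
              and f"/bot{ioc['telegram_bot_id']}:" in ev["url"]):
            hits.append((i, "Telegram bot notification"))
        elif t == "file" and ev["path"].lower().endswith(ioc["install_suffix"]):
            hits.append((i, "write to configured install path"))
    return hits


if __name__ == "__main__":
    ioc = build_indicators(XWORM_CONFIG)
    for idx, why in hunt(SAMPLE_EVENTS, ioc):
        print(idx, why, SAMPLE_EVENTS[idx])
```

The Telegram match keys on the bot id rather than the full token so the same rule works on proxy logs where the token has been masked, and the install-path match is a suffix match so it fires for any user profile. Port-only or host-only matches on the C2 are deliberately not treated as hits: a dynamic DNS host can be re-pointed and port 7000 is not unique, so the pair is the indicator.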

Targets

    • Target

      test.exe

    • Size

      89KB

    • MD5

      4abfe31f2da3f0bc602decaaac08b0c9

    • SHA1

      afff96b07c5e37c801b411ede860df94037573ef

    • SHA256

      370cc36b27a50f6e31221b7124845b1e56376d7d3e9ed1e6c6ba40d3fabcf240

    • SHA512

      dfadc09da95d07917717adc086cb400eb9398c2e280368edbeaeea02603447639e3317a8851eb6600fcf18b968e34903cc6eee4a7e0c1774f57cadd62abac772

    • SSDEEP

      1536:49DnrYF3GJ8jDAj0MiMjObqLfxMbYI/1178G/86l0FK/kgO27GT9+a9:wDcuGwPCOmbYq11wq0FK8gO2yT9Z

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

    • Xworm family

    • Looks up external IP address via web service

      Uses a legitimate public IP lookup web service to discover the infected system's external IP address. The lookup itself is benign traffic that many legitimate programs also generate, so treat it as a supporting indicator rather than a detection on its own.

MITRE ATT&CK Enterprise v15

Tasks