General

  • Target

    e111964765f99e0c863956e31e31ef76e5989cef5c33673ae955230d8cb9c4e2.exe

  • Size

    686KB

  • Sample

    250310-nnd3aas1cw

  • MD5

    89835939251de14ca92a6fc263faf6ff

  • SHA1

    67f125429fa563fd17cb0095549932c80b32f764

  • SHA256

    e111964765f99e0c863956e31e31ef76e5989cef5c33673ae955230d8cb9c4e2

  • SHA512

    264406e200003e23b36298c1be3cafd0e8cbba4224d89f1b730e00adc08f3add4e5025c0d1e6c09343284f3982f839723c135acd71ba4795731d00ab58cf6919

  • SSDEEP

    12288:DNLxu6YeXY/e174lgJ8zzPHvfpqS1uqlFTYVuuuyN5tSQEkpqhX:3h8gJWHvfpz1uIFkV/SQDp6

Malware Config

Extracted

Family

xworm

C2

rency.ydns.eu:59012

wqo9.firewall-gateway.de:59012

Attributes

  • Install_directory

    %AppData%

  • install_file

    MicroSoftOutlook.exe

Targets

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

    • Xworm family

    • Drops startup file

    • Loads dropped DLL

    • Suspicious use of SetThreadContext