General

  • Target: 21b3ce427475b47076786585d7041284d6904b77cc3fe4ed9bb0c58f2b98f326.exe
  • Size: 636KB
  • Sample: 250310-pe4f9atzds
  • MD5: 37ef4f24015c203f1f703e634ab7abe3
  • SHA1: bf007a685cdc77adcec7e214659934b8b7264f25
  • SHA256: 21b3ce427475b47076786585d7041284d6904b77cc3fe4ed9bb0c58f2b98f326
  • SHA512: 9ff7deb7b9ad9c994a5c0243a1339b558e065b4fce83882ec02932b6e734e7b49d4541215d7dcf40558fd25486ededeaa78a945c335de0e3af95c146506e14e9
  • SSDEEP: 12288:5fcXgNO7W7X28o3knVj0pZnON0zFbfvDm/RAGCP0I+m4SW:ZSWOS6z+Iyqzm/SHP0I+m4n

Malware Config

Extracted

  • Family: xworm
  • C2:
    doe.ydns.eu:5901
    wqo9.firewall-gateway.de:5901

Attributes

  • Install_directory: %AppData%
  • install_file: MicroSoftEdge.exe

Targets
  • Detect Xworm Payload
  • Xworm: Xworm is a remote access trojan written in C#.
  • Xworm family
  • Drops startup file
  • Loads dropped DLL
  • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15