Overview

overview

10

Static

static

GxMBK.exe

windows7-x64

10

GxMBK.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    GxMBK.exe

  • Size

    1.6MB

  • Sample

    230131-z8f8xsae34

  • MD5

    049b7a8f84d8c8e7932bfc6e97362c30

  • SHA1

    f3d85b5214062a92ecacd0a65e02593e44ab188a

  • SHA256

    2716cfd0d3479d42e903bd0c835b91fd5918a02fb63bdc1b52f73921bf4b307a

  • SHA512

    eb0c58f723a9c6a2d3d29b10f89538845cfbdaa2d4579de4238a0753050154dacc7832cc20f858b757fd6a2e491b5f775262f670309b7691437910c59a106924

  • SSDEEP

    24576:bYO8wJFOtz7uuqEP+1MoIpgpgi2esTTPfQHSvMYdihbjct3sP8ZS3pdWMhLaw:koqAI4sTTP4smZ58wl

Score
10/10
xwormmicrosoftpersistencephishingrattrojan

Malware Config

Extracted

Family

xworm

C2

127.0.0.1:7000

Mutex

TU53fgvTBLouBDSy

Attributes
  • install_file

    USB.exe

aes.plain

Targets

    • Target

      GxMBK.exe

    • Size

      1.6MB

    • MD5

      049b7a8f84d8c8e7932bfc6e97362c30

    • SHA1

      f3d85b5214062a92ecacd0a65e02593e44ab188a

    • SHA256

      2716cfd0d3479d42e903bd0c835b91fd5918a02fb63bdc1b52f73921bf4b307a

    • SHA512

      eb0c58f723a9c6a2d3d29b10f89538845cfbdaa2d4579de4238a0753050154dacc7832cc20f858b757fd6a2e491b5f775262f670309b7691437910c59a106924

    • SSDEEP

      24576:bYO8wJFOtz7uuqEP+1MoIpgpgi2esTTPfQHSvMYdihbjct3sP8ZS3pdWMhLaw:koqAI4sTTP4smZ58wl

    Score
    10/10
    xwormrattrojanmicrosoftpersistencephishing

    • Xworm

      Xworm is a remote access trojan written in C#.

      trojanratxworm

    • Drops startup file

    • Adds Run key to start application

      persistence

    • Detected potential entity reuse from brand microsoft.

      phishingmicrosoft

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

2
T1112

Credential Access

Discovery

System Information Discovery

2
T1082

Query Registry

1
T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks