Resubmissions

  • 16/08/2023, 10:17  230816-mbl2paca4y  (score 10)

  • 16/08/2023, 10:16  230816-maxf2aab55  (score 5)

General

  • Target

    c694e389fa229bf1a03768bee4ee8d6c.zip

  • Size

    46KB

  • Sample

    230816-mbl2paca4y

  • MD5

    18b452de06bf7fb227db381d311c324c

  • SHA1

    1593454ff853658aa0e72524b85b2b07bc91e6d7

  • SHA256

    6415414c45006d21e6ac6a6d680164c79735d0832b8b0ecdeaeffdbfd1139769

  • SHA512

    ff92b2adae57fe903d045092c32ccbebe37be70cb822319400f54df8cec2bb2fe12a03b77103c4f4de0e6be415da4e636f5682ababdee75443096b71817e0c1b

  • SSDEEP

    768:yO8DgUIP+eOXmUUnPt8uE+wcaOL94wSzAwng0Ls7fhPyR3vUs3yp+99yCZP:yObUIPiXlaPthFlao94wSUwng57xyRco

Score
10/10

Malware Config

Extracted

Family

xworm

C2

142.132.227.161:7000

Mutex

NautGuPIJ3BK60lr

Attributes
  • install_file

    USB.exe

  • aes.plain
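The extracted config above is directly usable as host and network indicators. The following is an added example, not part of the sandbox report: it turns the report's C2 endpoint, mutex, install_file name and the two SHA256 values into a small matcher and runs it over a handful of constructed telemetry records. The event schema (id/type/dst_ip/dst_port/name/path/image/sha256) and the five sample events are invented for illustration and do not follow any particular EDR or Sysmon format; only the indicator values come from the page. The C2 endpoint is matched exactly, with an IP-only match reported separately as a weaker signal, because the operator can rotate the port while keeping the host; the mutex is the most build-specific of these indicators, and a bare filename like USB.exe is only meaningful together with another hit.

```python
"""Match xworm indicators from the sandbox report against event records.

Added example, not the report's own tooling. The indicator values below
are copied from the report; everything else (event format, sample events)
is constructed here for illustration.
"""
from collections import Counter
from dataclasses import dataclass

# Indicators from the report (Malware Config and Targets sections).
XWORM_C2 = {("142.132.227.161", 7000)}   # C2 host:port
XWORM_MUTEX = {"NautGuPIJ3BK60lr"}       # Mutex
XWORM_INSTALL_FILE = {"usb.exe"}         # install_file, compared case-folded
XWORM_SHA256 = {                         # container zip and dropped sample
    "6415414c45006d21e6ac6a6d680164c79735d0832b8b0ecdeaeffdbfd1139769",
    "2e43e8cac10e96708dc36676f42f14c2142cd6ea6b3d772d179c6e6f2481492e",
}


@dataclass(frozen=True)
class Match:
    event_id: int
    indicator: str   # which indicator class fired
    value: str       # the value from the event that matched


def _basename(win_path: str) -> str:
    """Last path component, tolerant of both separators, case-folded."""
    return win_path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def match_event(ev: dict) -> list[Match]:
    """Return every indicator hit for one constructed event record."""
    hits: list[Match] = []
    eid, kind = ev["id"], ev["type"]
    if kind == "network_connect":
        endpoint = (ev["dst_ip"], int(ev["dst_port"]))
        if endpoint in XWORM_C2:
            hits.append(Match(eid, "c2_endpoint", f"{endpoint[0]}:{endpoint[1]}"))
        elif ev["dst_ip"] in {ip for ip, _ in XWORM_C2}:
            # Same host, different port: weaker signal, still worth a look.
            hits.append(Match(eid, "c2_host", ev["dst_ip"]))
    elif kind == "mutex_create":
        if ev["name"] in XWORM_MUTEX:
            hits.append(Match(eid, "mutex", ev["name"]))
    elif kind == "file_write":
        digest = ev.get("sha256", "").lower()
        if digest in XWORM_SHA256:
            hits.append(Match(eid, "sha256", digest))
    # The install_file name can appear on any event that carries a path.
    for key in ("image", "path"):
        if key in ev and _basename(ev[key]) in XWORM_INSTALL_FILE:
            hits.append(Match(eid, "install_file", ev[key]))
    return hits


def scan(events: list[dict]) -> list[Match]:
    return [m for ev in events for m in match_event(ev)]


def summarize(hits: list[Match]) -> dict[str, int]:
    """Count hits per indicator class, e.g. for an alert title."""
    return dict(Counter(m.indicator for m in hits))


# Constructed sample telemetry (not from the report).
SAMPLE_EVENTS = [
    {"id": 1, "type": "network_connect", "dst_ip": "142.132.227.161",
     "dst_port": 7000, "image": r"C:\Users\victim\AppData\Roaming\USB.exe"},
    {"id": 2, "type": "network_connect", "dst_ip": "142.132.227.161",
     "dst_port": 443, "image": r"C:\Windows\explorer.exe"},
    {"id": 3, "type": "mutex_create", "name": "NautGuPIJ3BK60lr"},
    {"id": 4, "type": "file_write", "path": r"C:\Users\victim\AppData\Roaming\USB.exe",
     "sha256": "2E43E8CAC10E96708DC36676F42F14C2142CD6EA6B3D772D179C6E6F2481492E"},
    {"id": 5, "type": "process_create", "image": r"C:\Windows\System32\svchost.exe"},
]

if __name__ == "__main__":
    for m in scan(SAMPLE_EVENTS):
        print(f"event {m.event_id}: {m.indicator} = {m.value}")
    print(summarize(scan(SAMPLE_EVENTS)))
```

Fuzzy hashes (the SSDEEP values in the report) are deliberately left out of the matcher; comparing them needs the ssdeep library and a similarity threshold, and they belong in sample triage rather than in host telemetry matching.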

Targets

    • Target

      c694e389fa229bf1a03768bee4ee8d6c

    • Size

      58KB

    • MD5

      c694e389fa229bf1a03768bee4ee8d6c

    • SHA1

      537094682375978804a5b2b4f199c41696982d86

    • SHA256

      2e43e8cac10e96708dc36676f42f14c2142cd6ea6b3d772d179c6e6f2481492e

    • SHA512

      6dbcca3bb93239da140a6e498d52d1587901d3a896152b00988ec53127d2d8e624f3b97cfdc3c21403c7454fd72d2418c8e59515ad04994250e9625699ffff61

    • SSDEEP

      1536:RAjM7DMN0yAAmcFHN9utlM5L1mQQDJWHKjb:RAD0LAtFHqjM38vb

    Score
    10/10
    • Xworm

      Xworm is a remote access trojan written in C#.

    • Executes dropped EXE

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks