General

  • Target

    Kaught.exe

  • Size

    63KB

  • Sample

    230829-zf2ddsag4t

  • MD5

    24d062abf47e76a592996e57e4146a4c

  • SHA1

    99c4fee76e22523d9d03189f5e65295f51aeb0b1

  • SHA256

    b40c5e0c9e7fc8cc0fe7d2f1ead00295df5341c4fb9d59a277575450038aad2d

  • SHA512

    56dc50182d4fae3ad50d05656bb0a5ca3d14e71a37efe0fb84ca3fb28a48c471732251df0e4959efd32884b5c59aa06db8978210dc7d00ab40f03c4ca40b8f40

  • SSDEEP

    1536:WSKfMqlTPADtRxNqDN06Zb7R84n4RLVA6NDO5D3Cr:WSKUqonxNsbZb7gVzDO5Dyr

Malware Config

Extracted

Family

xworm

C2

Kaught-53088.portmap.host:53088

Attributes

  • install_file

    spoofer.exe

Targets

    • Xworm

      Xworm is a remote access trojan written in C#.

    • Drops startup file

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks