c2ac5477db91ef107a38e111b183a88fabae3a1e445cf759df38491699d65ba3 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

XWorm.rar
Size

3.7MB
Sample

231006-aaak2sab26
MD5

27aec169776565705717776ebf6a8d55
SHA1

a83858c99ccb9889441f42bc8a0b7e5ccf814918
SHA256

c2ac5477db91ef107a38e111b183a88fabae3a1e445cf759df38491699d65ba3
SHA512

1f104addc258223638a122d5abd5b86e8adc1183da2768c8501e9932e3b218e3feebefb483349d87e6b4e2dd29e8a01e53338dd6ec87648a20f5246d86a496f2
SSDEEP

98304:jjvhd8cMOBmYS1svAJFFa6XmeuwSqUjGMtokcqFdRaDzmLW/nQDZjO:jjJd8vNYNQFzEvBVtoFqFAeawS

Score

8^/10

Malware Config

Targets

- Target
  
  XWorm.rar
- Size
  
  3.7MB
- MD5
  
  27aec169776565705717776ebf6a8d55
- SHA1
  
  a83858c99ccb9889441f42bc8a0b7e5ccf814918
- SHA256
  
  c2ac5477db91ef107a38e111b183a88fabae3a1e445cf759df38491699d65ba3
- SHA512
  
  1f104addc258223638a122d5abd5b86e8adc1183da2768c8501e9932e3b218e3feebefb483349d87e6b4e2dd29e8a01e53338dd6ec87648a20f5246d86a496f2
- SSDEEP
  
  98304:jjvhd8cMOBmYS1svAJFFa6XmeuwSqUjGMtokcqFdRaDzmLW/nQDZjO:jjJd8vNYNQFzEvBVtoFqFAeawS
Score

3^/10
behavioral1 behavioral2
- Target
  
  XWorm.exe
- Size
  
  236KB
- MD5
  
  b32ea65abc9d6824feb8cf0a88edf313
- SHA1
  
  0f8376bc0c2b68443d6a11ebfda082d9bcd5616a
- SHA256
  
  272c70c2f0ab7a6fc0e18eb8184e18df2b18bf70998a1770664608160a4da3cd
- SHA512
  
  c465f90c4aa2bd11330138f41b1ccd0685f268023821dc930023c7f6f0e93211e3e6b5935726b95b6959d433e473be1b359473e1db2d133e62dc9b6a240952c8
- SSDEEP
  
  6144:CMvjES2jicP5iOo2T8VrSd/sUAO22lM0T8S81Sa:CMvDqiG59ouA2s1Sa
Score

8^/10
- Blocklisted process makes network request
- Suspicious use of SetThreadContext
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4