General

  • Target

    mink menu.exe

  • Size

    794KB

  • Sample

    231128-m39bashc98

  • MD5

    ab4b353822b158d7056594f1b231259c

  • SHA1

    34b4d9ac1593387d574ff7f73e438caec6d87aa1

  • SHA256

    93749507b92c18b79b250c85af6db6b71ed877d2ca412ef5a0f085eeb0c099b4

  • SHA512

    d13fa57480b727e32bc7d52ff080435fbf9212c2ae40ea2fe9133aa7a835a90868862ed40bb260b41158c54011436eac47cc0423bff3cfc2cbfdae1a74869545

  • SSDEEP

    12288:aMSApJVYG5lDLyjsb0eOzkv4R7QnvUUilQ35+6G75V9B/WTj:ansJ39LyjbJkQFMhmC+6GD9p4

Malware Config

Extracted

Family

xworm

Version

5.0

C2

human-walked.gl.at.ply.gg:7716

Mutex

qPNrlaoLKjWtqmog

Attributes

  • Install_directory

    %AppData%

  • install_file

    XClient.exe

aes.plain

Targets

    • Target

      mink menu.exe

    • Size

      794KB

    • MD5

      ab4b353822b158d7056594f1b231259c

    • SHA1

      34b4d9ac1593387d574ff7f73e438caec6d87aa1

    • SHA256

      93749507b92c18b79b250c85af6db6b71ed877d2ca412ef5a0f085eeb0c099b4

    • SHA512

      d13fa57480b727e32bc7d52ff080435fbf9212c2ae40ea2fe9133aa7a835a90868862ed40bb260b41158c54011436eac47cc0423bff3cfc2cbfdae1a74869545

    • SSDEEP

      12288:aMSApJVYG5lDLyjsb0eOzkv4R7QnvUUilQ35+6G75V9B/WTj:ansJ39LyjbJkQFMhmC+6GD9p4

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks