Resubmissions

13-02-2024 13:38

240213-qxfnkscd82 10

12-02-2024 17:42

240212-v97p2saf8t 10

General

  • Target

    Loader1.exe

  • Size

    119KB

  • Sample

    240213-qxfnkscd82

  • MD5

    991c63fffe62b6b237cad9203c5ef6eb

  • SHA1

    36aa371799529fc70bbcc9a645eb15929fa06de2

  • SHA256

    250eda084776cd02c04ab1dfcffde5555218310351b9c88258f7236df10aeda0

  • SHA512

    b6b76ee6c21c35a4c1f10d33094e7340aef38646baaafcc86eb29385b29e89ebabf2626af3cd53ab115c4ce564c74052d4aa65d270e4a6e54e5e724646d8e432

  • SSDEEP

    3072:VHlQLfyczsS2sJYnZwGrVYTGX8YhmMa0RYRitL:VHlcfTzD1OnOXGMJgRWi

Malware Config

Extracted

Family

xworm

C2

expected-identifies.gl.at.ply.gg:28789

Attributes

  • Install_directory

    %ProgramData%

  • install_file

    svchost.exe

Targets

    • Target

      Loader1.exe


    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Drops startup file

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks