General

  • Target

    23f99e31031b05b09b4f01c05fbe24f9ddc16110297016f9359116b194724065

  • Size

    10.5MB

  • Sample

    240314-kqlncsfc91

  • MD5

    ca63d146b2c5f1c9f259c571981e4b79

  • SHA1

    49b00c1c3e30451bb2ed7e4968f5bf49de884a50

  • SHA256

    23f99e31031b05b09b4f01c05fbe24f9ddc16110297016f9359116b194724065

  • SHA512

    1b759eb0debeb3898980a349484e762c3a3f53378b625557640f34ae3b85926c9f78ce1e08aad76af3c2691043ff6333b00e0622e60d8b712097efef27dd5560

  • SSDEEP

    49152:626x5gXqU+BYevUmXfOSOlYUxHHfhLBOblwysVsuiuph9O:c

Score
10/10

Malware Config

Extracted

Family

xworm

Version

5.0

C2

91.92.251.195:7000

Mutex

auk38otQ7xik0zRg

Attributes
  • install_file

    USB.exe

  • aes.plain
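The extracted config above (C2 address and port, mutex, install file name) and the hash list are the indicators a responder would actually hunt with. The following is an added example, not part of the sandbox report and not XWorm's own code: a small Python matcher that turns those values into host and network checks. The log layout (one key=value event per line, Sysmon-like field names such as `DestinationIp` and `MutexName`), the file paths and every line of `SAMPLE_LOG` are constructed for illustration and are assumptions, not output of any real tool.

```python
"""Match the XWorm indicators from this report against host/network telemetry.

Added example, not part of the sandbox report or the XWorm code base. The
indicator values come from the report; the log lines and their field names
(a Sysmon-like key=value layout) are constructed for illustration.
"""
import hashlib
import re

# Indicators copied from the report's extracted config and hash list.
IOC = {
    "c2": ("91.92.251.195", 7000),
    "mutex": "auk38otQ7xik0zRg",
    "install_file": "USB.exe",
    "hashes": {
        "md5": "ca63d146b2c5f1c9f259c571981e4b79",
        "sha1": "49b00c1c3e30451bb2ed7e4968f5bf49de884a50",
        "sha256": "23f99e31031b05b09b4f01c05fbe24f9ddc16110297016f9359116b194724065",
    },
}

# Constructed telemetry (assumption: key=value pairs, one event per line).
SAMPLE_LOG = """\
EventType=NetworkConnect Image=C:\\Users\\victim\\AppData\\Roaming\\USB.exe DestinationIp=91.92.251.195 DestinationPort=7000
EventType=NetworkConnect Image=C:\\Program Files\\Mozilla Firefox\\firefox.exe DestinationIp=91.92.251.195 DestinationPort=443
EventType=CreateMutant Image=C:\\Users\\victim\\AppData\\Roaming\\USB.exe MutexName=\\Sessions\\1\\BaseNamedObjects\\auk38otQ7xik0zRg
EventType=FileCreate Image=C:\\Users\\victim\\Downloads\\invoice.exe TargetFilename=C:\\Users\\victim\\AppData\\Roaming\\USB.exe
EventType=FileCreate Image=C:\\Windows\\explorer.exe TargetFilename=C:\\Users\\victim\\Documents\\notes.txt
"""

# A value runs until the next " key=" token or end of line, so paths with spaces survive.
FIELD_RE = re.compile(r"(\w+)=(.*?)(?=\s\w+=|$)")


def parse_event(line):
    """Turn one key=value line into a dict; values may contain spaces."""
    return dict(FIELD_RE.findall(line.strip()))


def check_event(ev, ioc=IOC):
    """Return the indicator names this single event matches (empty list if none)."""
    hits = []
    if ev.get("EventType") == "NetworkConnect":
        ip, port = ioc["c2"]
        if ev.get("DestinationIp") == ip:
            # Port alone is operator-configurable; the IP/port pair is the strong match.
            hits.append("c2" if ev.get("DestinationPort") == str(port) else "c2_ip_only")
    if ev.get("EventType") == "CreateMutant":
        # Mutexes are logged with their object-manager path; compare only the leaf name.
        if ev.get("MutexName", "").rsplit("\\", 1)[-1] == ioc["mutex"]:
            hits.append("mutex")
    if ev.get("EventType") == "FileCreate":
        # Case-insensitive leaf compare: NTFS paths are case-preserving, not case-sensitive.
        leaf = ev.get("TargetFilename", "").rsplit("\\", 1)[-1]
        if leaf.lower() == ioc["install_file"].lower():
            hits.append("install_file")
    return hits


def scan_log(text, ioc=IOC):
    """Return (line_number, hits) for every event matching at least one indicator."""
    results = []
    for n, line in enumerate(text.splitlines(), 1):
        if line.strip():
            hits = check_event(parse_event(line), ioc)
            if hits:
                results.append((n, hits))
    return results


def hash_matches(data, ioc=IOC):
    """Hash a file's bytes and report which of the report's digests it matches."""
    digests = {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }
    return sorted(name for name, hexd in digests.items() if ioc["hashes"].get(name) == hexd)


if __name__ == "__main__":
    for n, hits in scan_log(SAMPLE_LOG):
        print(f"line {n}: {', '.join(hits)}")
    print("hash matches for constructed bytes:", hash_matches(b"constructed bytes, not the sample"))
```

Of these indicators, the exact hashes only catch this one build, the mutex and install file name are whatever the operator typed into the builder, and the C2 IP is the value most likely to be shared across samples from the same operator, which is why the matcher reports an IP hit on a different port separately rather than discarding it. The SSDEEP hash in the report is truncated, so it is deliberately not used here.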

Targets

    • Target

      23f99e31031b05b09b4f01c05fbe24f9ddc16110297016f9359116b194724065

    • Size

      10.5MB

    • MD5

      ca63d146b2c5f1c9f259c571981e4b79

    • SHA1

      49b00c1c3e30451bb2ed7e4968f5bf49de884a50

    • SHA256

      23f99e31031b05b09b4f01c05fbe24f9ddc16110297016f9359116b194724065

    • SHA512

      1b759eb0debeb3898980a349484e762c3a3f53378b625557640f34ae3b85926c9f78ce1e08aad76af3c2691043ff6333b00e0622e60d8b712097efef27dd5560

    • SSDEEP

      49152:626x5gXqU+BYevUmXfOSOlYUxHHfhLBOblwysVsuiuph9O:c

    Score
    10/10
    • Detect Xworm Payload

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Xworm

      Xworm is a remote access trojan written in C#.

MITRE ATT&CK Matrix

Tasks