General

  • Target

    XWorm V5.1.zip

  • Size

    29.7MB

  • Sample

    240326-rl67tsca56

  • MD5

    b2a6c59063aebe1924295be7f1476ef8

  • SHA1

    3cc6620ed1f1a25ef98f47f35aa5ff583bfbdeda

  • SHA256

    9c9777920e8613731a3586cd4ae3e3cd2d497800c3e34a7408897a6f5c56e1a3

  • SHA512

    9f8f13b804977f4d3776467a025232e2ba018b4ae72ac06968b31a392fcab25ebc7f79e6587c1db1753a87de55c1d4bf0cc4a3cdbad62a159ab67f724a2225c6

  • SSDEEP

    786432:vewOXW8MbxTSU1SG+NmsOtYZ1aAUPjiPz:vUvMTNLumXAl

Targets

    • Target

      XWorm V5.1.zip

    • Sets file to hidden

      Modifies file attributes to stop it showing in Explorer etc.

    • Executes dropped EXE

    • Loads dropped DLL

    • Obfuscated with Agile.Net obfuscator

      Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

    • Adds Run key to start application
