General

  • Target

    dawd.exe

  • Size

    59KB

  • Sample

    240328-3rj52abh3x

  • MD5

    bbf06cf75ed437d3efb85926d2d83697

  • SHA1

    174f4e200ddfe23c0716be0c428250a4c82355d8

  • SHA256

    c5556d1974aca75b541afe9fb12ca8a8aa52b82936dc8121819bb1e561e41bbe

  • SHA512

    82ebe3276747bf207acd3d29b54776bb2a001b6cd579aa139868fa8dde8034eec3d1ebfbe783f5fc8c7263f35f3d8cd54e5af77351ddb5cf4e073e7ebe90b211

  • SSDEEP

    1536:apuoCtxws8uXniw726XkbtiJEIP851DNOhnXsX:+zMxt8aniwackb0Eu8jDNOhna

Score
10/10

Malware Config

Extracted

Family

xworm

C2

94.6.233.124:5004:5004

Attributes
  • install_file

    USB.exe

Targets

    • Target

      dawd.exe

    Score
    10/10
    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.
