General

  • Target

    dialer.exe

  • Size

    94KB

  • Sample

    240402-3xlk2she56

  • MD5

    41d5ac1527ea7b6f3ff690ad1f12e1c9

  • SHA1

    d7995b188569f98ae64bbd02a15306c081eb4ac2

  • SHA256

    7d93c42d1e0fd4fdd3f0c1263869f526653d68ab92456c4f5b1b5e4dda30031c

  • SHA512

    582c51a4aa4f73f8c415ac6f6c20d9ba2490bccd308b19bb4fe2173e4f2df8b523a9d513abf3976ad6a59bac89a69896836d0c3443b56de7d342c9e917f80059

  • SSDEEP

    768:ROtuLVuX57Pa4DNXYZTXJXHRr9Lx9Q8iPmhLOx1gXINpJeYN/ZTrOYwj+byQuqqd:ku5MZrIhl3x9Q+1OQX7

Score
10/10

Malware Config

Extracted

Family

xworm

C2

147.185.221.18:28789

Mutex

vqXaGr1XCmDkUDHQ

Attributes
  • install_file

    USB.exe

aes.plain

Targets

    • Target

      dialer.exe

    • Size

      94KB

    • MD5

      41d5ac1527ea7b6f3ff690ad1f12e1c9

    • SHA1

      d7995b188569f98ae64bbd02a15306c081eb4ac2

    • SHA256

      7d93c42d1e0fd4fdd3f0c1263869f526653d68ab92456c4f5b1b5e4dda30031c

    • SHA512

      582c51a4aa4f73f8c415ac6f6c20d9ba2490bccd308b19bb4fe2173e4f2df8b523a9d513abf3976ad6a59bac89a69896836d0c3443b56de7d342c9e917f80059

    • SSDEEP

      768:ROtuLVuX57Pa4DNXYZTXJXHRr9Lx9Q8iPmhLOx1gXINpJeYN/ZTrOYwj+byQuqqd:ku5MZrIhl3x9Q+1OQX7

    Score
    10/10
    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
