General

  • Target

    dialer.exe

  • Size

    94KB

  • Sample

    240402-3yfq7ahe75

  • MD5

    e4db823f266abb120b760bffaec78d95

  • SHA1

    40c0f9623c39e861ff311099fff51d81c1a69a6d

  • SHA256

    3fbed3a0080009501a255159612279862317d24416669dc462692d41e4b454f7

  • SHA512

    999c32e9942bb6287e569f8a947bedacf98cc7d8b37e06958f53e3ceb084d2cee5d3ebd305311a8688a2d271a311acb861912345fe3e879275b1314fe76c981a

  • SSDEEP

    768:sOtuLVuX57Pa4DNXYZTXJXHRr9Lx9Q5iPmhLOn1gXWNpJeYN/ZTrOYwj+byQuqqd:ju5MZrIhl3x9QN1OCXt

Score
10/10

Malware Config

Extracted

Family

xworm

C2

147.185.221.18:28789

Mutex

tIJTJ8J61equspRr

Attributes
  • install_file

    USB.exe

  • aes.plain

Targets

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Matrix

Tasks