General

  • Target

    e9979aba53e093880b16e00fab4f130ab499e456d3f7d7beb60bb5e5be605299

  • Size

    73KB

  • Sample

    240402-j9rhaacb97

  • MD5

    47e5cc1aa9e86b8210a3e27398c443cf

  • SHA1

    c8d789c9e2e8f9482ab5aa8d42e08cd1e689461b

  • SHA256

    e9979aba53e093880b16e00fab4f130ab499e456d3f7d7beb60bb5e5be605299

  • SHA512

    b7e10130ff7c5493df2006bcc7a4be1f6e8a076bbfd50e713434fdbe0f2d08b0fbc12e40dc16e40612e53d95b0f12139ab72c454ca46f0184619e1c5b537152f

  • SSDEEP

    1536:sdXTyqhZinU/VF2unE7boFucccni6j2SO0SBKXH1RSGt:sdjlin2VkIE7booSn2SO0Z1Jt

Score
10/10

Malware Config

Extracted

Family

xworm

Attributes
  • Install_directory

    %Temp%

  • install_file

    dllhost.exe

  • pastebin_url

    https://pastebin.com/raw/DCDbfnXJ

Targets

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
