General

  • Target

    niggaporn.exe

  • Size

    41KB

  • Sample

    240402-yt85qacb76

  • MD5

    9908277c09934ed6d7a1c28d74660e8b

  • SHA1

    59dedbdc5578f630c320901cc2a8792d3b58f2ba

  • SHA256

    d240c6c9ea53026fe9741314303a771cc99f1935a0327d0c583d76702bd86181

  • SHA512

    fc50d120fc0737f60352588bb3afa6e4451b69587ec575ebec2ae6b1147f03c74abbc41dbe27de4fed23749319d5712eb8735dd5a8120f162dff030ece270032

  • SSDEEP

    768:yiZLEOU7+jFxamqCAr43MpfJF5Pa9p+G6iOwhR3/ub/:yiGr72FItRrtRF49IG6iOwvGT

Score
10/10

Malware Config

Extracted

Family

xworm

Version

5.0

C2

welcome-soon.gl.at.ply.gg:12447

Mutex

Q8nrJ34iVyesbOgf

Attributes
  • Install_directory

    %AppData%

  • install_file

    $77MicrosoftDefender.exe

aes.plain

Targets

  • Detect Xworm Payload

  • Xworm

    Xworm is a remote access trojan written in C#.

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.
