General

  • Target

    brehmrpersonisanigger.exe

  • Size

    39KB

  • Sample

    240402-yy5cbscc7t

  • MD5

    28f937e76e11c649b2b58af9c120e845

  • SHA1

    417eb23a0b0801816e164b9350ac10d14fa3c4e4

  • SHA256

    7bbaa10e1b9d408a0b2fca977347319f97cf4e5a30ffb5f0ea1c1b509cb46cfc

  • SHA512

    c8e80de4a640292286ed986533d236262d14927ea125112e7684897bfd328ac30654c2229fe66268a0c1a44e2e8e38f034d6e12c44e6ec784b19c8462d9bb6b3

  • SSDEEP

    768:vLFUSM+46o3lLJKuuwhSZPypufFWPa9bIa6POwhmaubW:vxUSM+teVJKuuwhSMEFv9bIa6POwkTS

Malware Config

Extracted

  • Family

    xworm

  • Version

    5.0

  • C2

    welcome-soon.gl.at.ply.gg:12447

  • Mutex

    58Kp4q9Iqe8gFNBV

  • Attributes

    • Install_directory

      %AppData%

    • install_file

      $77MicrosoftDefender.exe

aes.plain

Targets

    • Target

      brehmrpersonisanigger.exe

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

    • Drops startup file

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15