General

  • Target

    467de65b409662f8d65c7211ee45b010.exe

  • Size

    64KB

  • Sample

    240403-bk3j9abd96

  • MD5

    467de65b409662f8d65c7211ee45b010

  • SHA1

    2c7f3ba6c6417c54b43f3c377a52b6aaec5c56a4

  • SHA256

    d6b7131722978f82195a6657bcadbb97c390966b76850a1bc9d22bdd39cd15da

  • SHA512

    05904b03b80badc3f251db83386fdaa3d7cee74b09c2a36720fe3f28e8423a54b2932c095169d56eb14583e33b8ef05d64d3a4cd3c62db672ecb86fe6053171a

  • SSDEEP

    1536:WguGII9iRUDh9rSST3xLmHF7skbLMEYfgHt9kbMpNZ/OPmFRAjqBi/:vuSNqlskbL/ZN9+8Z/OPmFRksi

Score
10/10

Malware Config

Extracted

Family

xworm

C2

51.161.107.65:8080

Attributes
  • Install_directory

    %AppData%

  • install_file

    USB.exe

Targets

    • Target

      467de65b409662f8d65c7211ee45b010.exe

    • Size

      64KB

    Score
    10/10
    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

    • Drops startup file
