General

  • Target: gsB72LsjeW3OnCXIXNtojNdbm7okSb05AnMAnwKs.zip
  • Size: 259KB
  • Sample: 240403-eamb3afa7z
  • MD5: d3afd759cf24de3a5cf01e3e92a2eef1
  • SHA1: b6c31d6ec8a11a9b2aa1d264827a83c43d13ec0c
  • SHA256: e3124c7431ae62c1d0c7e508e318ac091e240cddfe00f768583fa496afa69bf8
  • SHA512: 1817d2877e02b2f607e6062a566a5db74534bbe9f8cb665fe6158a0cc6d937fc6ae02cffe09d5ccdb8e74473e744a7979238fe54646b98fa99c902bc881abc73
  • SSDEEP: 6144:mZ4aJLIwzNPufGgWafLnquhnP/6bmlqgVIVvt4npoxm:44a/h/UfLnBhP/6bhVvWoxm

Score
10/10

Malware Config

Extracted

Family

xworm

Attributes

  • Install_directory: %ProgramData%
  • install_file: svchost.exe
  • pastebin_url: https://pastebin.com/raw/z5PQ82wE

Targets

    • Target: Krampus/23vcD1orbL.exe
    • Size: 1.3MB
    • MD5: d48c30f50906d73b06aabec4a3c0ef96
    • SHA1: 4ed2965e2c48d3e35a3e4e1ea8781d3761de94a5
    • SHA256: 71015901a4bbe9f7f81a3f899bf7c21ceca2a332e272e31a4d6d2b6b4f71a59f
    • SHA512: 71eb7ca54f7f1019716c9e5a323d0ffa892a6485fe387044deb9fe431e809bd2f8be5e35f3aba185eb53d437fc63a5a66704815b612e6ea960220610d459265f
    • SSDEEP: 1536:c/G4iM3eweCmtR8K/ddBNm/LBOK+kAYxQb1biW3+FQxEfOO701d67/fxU9:cOrZ8kyt3AYeb1WRSEfO1vd9

    Score
    10/10

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
