General

  • Target: yes.exe
  • Size: 81KB
  • Sample: 240403-erqe2sff7t
  • MD5: 5f4287a277adc0f54e9a4a5ae5054506
  • SHA1: 59578435b059664960c540e9554e6e64b71f04b4
  • SHA256: d2576bc16040874601b4371730e07206214ef2e68c65963aacd90a37502ee75c
  • SHA512: 88364c81e3b49dd2a6dd6458a29a70339f4897b95852a33efa099d7ece9254faf86990736906f241bdd76a81464ca9e75ef021bedefc2a375e76b48495fbebce
  • SSDEEP: 1536:ZQPPhvmXq3AlGuRpsKs5XQfHkyJuQQ/7Pw3NZyKkY74+MDBevjbcU5NRQrM:ZQ3QXq3cuAfEbQQTw3NwKc+MQLbvNRQQ

Score: 10/10

Malware Config

Targets

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks