General

  • Target

    944029da-76d7-4da7-8d0e-767cf1f85ec6.exe

  • Size

    468KB

  • Sample

    240411-s4cllsee78

  • MD5

    b7ad36b9a91d81cb3e911069f5303e85

  • SHA1

    0b32c48e059e5f2c57162864ef61d80e408b0934

  • SHA256

    85fada75b9d311360bd78122da7dc5fa5c46f57e4352df77d6501e089893b3e2

  • SHA512

    1f0007a6d7668b040eb8b481318912c0c1a3df8aa9e750d44d44b5f860ce244e22f296d6beb77f2e1f415eec6b7de468f2574e2d53f185fb8a50c718ef12f15a

  • SSDEEP

    3072:ZpQiMpwVW7dJRV40P8Yvimdqz2qZbrUM:nykSdF8QHsFb

Targets

    • Target

      944029da-76d7-4da7-8d0e-767cf1f85ec6.exe

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Drops startup file

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
