General

  • Target

    1020e237ab79171c59cec569952f8f7c7d9ee2056fb3d09a6b3d39de6cb7ca07

  • Size

    415KB

  • Sample

    240417-qbjs4sge69

  • MD5

    c3f81772cad1f6c538e4fbd0c595ed24

  • SHA1

    7ed5b58eef1d389084aeeabeac0834ab558df38d

  • SHA256

    1020e237ab79171c59cec569952f8f7c7d9ee2056fb3d09a6b3d39de6cb7ca07

  • SHA512

    99f6b97d3fb3af6bf8d6e0c6ad21d0f51abe433956e01978883a7ebc4b163c3c28789ad29982b24d645b3907fbe67db26ea7b4630ce95991f37287e322684957

  • SSDEEP

    6144:bcgU7iqq7BDkS3fnwJwh15iYjLVSGdwG7RDd/2yNz2Gh1QvoqOUnkqy9gr2vOQNx:bBN3ow15Bdtt9Ovo0AKiOQNq+

Malware Config

Extracted

Family

xworm

Version

5.1

C2

104.194.9.116:7000

Mutex

bUezpCDHVjUVS3W9

Attributes

  • install_file

    USB.exe

  • telegram

    https://api.telegram.org/bot6330888131:AAE5ycZdHuNqV5SVYhHeCfRENn6GuCjwXjs/sendMessage?chat_id=1046049845

aes.plain

Extracted

Family

eternity

Wallets

47vk9PbPuHnEnazCn4tLpwPCWRLSMhpX9PD8WqpjchhTXisimD6j8EvRFDbPQHKUmHVq3vAM3DLytXLg8CqcdRXRFdPe92Q

Attributes

  • payload_urls

    https://raw.githubusercontent.com/VolVeRFM/SilentMiner-VolVeR/main/VolVeRBuilder/Resources/xmrig.exe

Targets

    • Target

      a50078c294c3980c23fc8da34f3fd1dc8ca042e07e0f7f67696d7035ec84700d.exe

    • Size

      455KB

    • MD5

      c8d9593196962fa5d706a207c16674cd

    • SHA1

      686a8e674e6615d5cd91f7b2cba0c755054b3f69

    • SHA256

      a50078c294c3980c23fc8da34f3fd1dc8ca042e07e0f7f67696d7035ec84700d

    • SHA512

      5ddae80780c6091bfe0ab5e29bc63732c08ce34f677fc341366dcecf6db9e1bd2e0ed24cfe57eface0d19c6f46010f47eb2d74888b91a503dae00651c4a756bf

    • SSDEEP

      12288:XcTpGLwWpFGIWFfDtaY4S0LEy7w0iymL/:XOpEwiFYxsEyHiyK

    • Detect Xworm Payload

    • Eternity

      Eternity Project is a malware kit offering an info stealer, clipper, worm, coin miner, ransomware, and DDoS bot.

    • Xworm

      Xworm is a remote access trojan written in C#.

    • Creates new service(s)

    • Stops running service(s)

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks