General

  • Target

    Siege Anti-Recoil.exe

  • Size

    382KB

  • Sample

    240420-tc2l4acb62

  • MD5

    8927b4c1ff38af9da8ba5eb8fd83137b

  • SHA1

    c2af615ba8ec9a25f69f2ebb46aa2e7ac7bd0ca1

  • SHA256

    ea55d13d71e1a071cf78a9c29b402b1d743f693a41bd1038b0f37b6d84c9cfb2

  • SHA512

    3a20fe9e74618310a2da5ab81b2d4de77f31fa3716d608b7c40190da8f70664ef9094b62909aaea7ea47ad47566aeec18979afa592c56ace88497f34ca41705d

  • SSDEEP

    1536:B97Xq5MP31toJnmId6+mg7PbuhB2M4Ojzlro:BAg3MZd6+mCbYmOjG

Malware Config

Extracted

Family

xworm

C2

uk2.localto.net:37847

Attributes
  • Install_directory

    %ProgramData%

  • install_file

    Google.exe

Targets

    • Target

      Siege Anti-Recoil.exe

    • Size

      382KB

    • MD5

      8927b4c1ff38af9da8ba5eb8fd83137b

    • SHA1

      c2af615ba8ec9a25f69f2ebb46aa2e7ac7bd0ca1

    • SHA256

      ea55d13d71e1a071cf78a9c29b402b1d743f693a41bd1038b0f37b6d84c9cfb2

    • SHA512

      3a20fe9e74618310a2da5ab81b2d4de77f31fa3716d608b7c40190da8f70664ef9094b62909aaea7ea47ad47566aeec18979afa592c56ace88497f34ca41705d

    • SSDEEP

      1536:B97Xq5MP31toJnmId6+mg7PbuhB2M4Ojzlro:BAg3MZd6+mCbYmOjG

    • Contains code to disable Windows Defender

      A .NET executable that turns off Windows Defender protections such as real-time monitoring and block-at-first-seen.

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

    • Drops startup file

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Sets desktop wallpaper using registry
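The behaviours and the extracted configuration above translate directly into host-side hunting checks. The script below is an added triage example, not part of the sandbox report and not XWorm's own code: it looks for the install path (%ProgramData%\Google.exe), Run-key and Startup-folder persistence, Defender preference tampering, the wallpaper registry value, and live connections or cached DNS entries for the C2 uk2.localto.net:37847. Where the report does not say which hive or folder is used (HKCU vs HKLM for the Run key, per-user Startup folder, the Defender policy registry path), the script checks the usual locations and those choices are marked as assumptions in the comments.

```powershell
# Added hunting script for the XWorm artifacts described in this report.
# Values taken from the report: install dir %ProgramData%, install file Google.exe,
# C2 uk2.localto.net:37847, sample SHA256. Hives/folders not stated by the report
# are marked as assumptions below. Run in an elevated PowerShell for full coverage.

$InstallPath  = Join-Path $env:ProgramData 'Google.exe'
$C2Host       = 'uk2.localto.net'
$C2Port       = 37847
$SampleSha256 = 'EA55D13D71E1A071CF78A9C29B402B1D743F693A41BD1038B0F37B6D84C9CFB2'
$Findings     = [System.Collections.Generic.List[string]]::new()

# 1. Dropped binary in %ProgramData%; compare against the report's sample hash
if (Test-Path -LiteralPath $InstallPath) {
    $h = (Get-FileHash -LiteralPath $InstallPath -Algorithm SHA256).Hash
    $note = if ($h -eq $SampleSha256) { 'matches report sample' } else { 'hash differs from report sample' }
    $Findings.Add("Install file present: $InstallPath SHA256=$h ($note)")
}

# 2. Run keys. Assumption: the report does not say which hive, so check both.
$RunKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
)
foreach ($key in $RunKeys) {
    if (-not (Test-Path -Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }            # skip PowerShell provider metadata
        $v = [string]$p.Value
        if ($v -match 'Google\.exe' -or $v -match [regex]::Escape($env:ProgramData)) {
            $Findings.Add("Run key entry: $key\$($p.Name) = $v")
        }
    }
}

# 3. Startup folder. Assumption: per-user Startup folder; .lnk targets are resolved.
$Startup = [Environment]::GetFolderPath('Startup')
$shell   = New-Object -ComObject WScript.Shell
Get-ChildItem -LiteralPath $Startup -File -ErrorAction SilentlyContinue | ForEach-Object {
    $target = $_.FullName
    if ($_.Extension -ieq '.lnk') { $target = $shell.CreateShortcut($_.FullName).TargetPath }
    $Findings.Add("Startup folder item: $($_.Name) -> $target (modified $($_.LastWriteTime))")
}

# 4. Defender tampering: effective preferences plus the policy key malware commonly writes
$mp = Get-MpPreference -ErrorAction SilentlyContinue
if ($mp) {
    if ($mp.DisableRealtimeMonitoring) { $Findings.Add('Defender: real-time monitoring disabled') }
    if ($mp.DisableBlockAtFirstSeen)   { $Findings.Add('Defender: block-at-first-seen disabled') }
    if ($mp.DisableIOAVProtection)     { $Findings.Add('Defender: IOAV (download/attachment) scanning disabled') }
}
# Assumption: policy path is the standard one; the report does not name it.
$pol = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection' `
        -ErrorAction SilentlyContinue
if ($pol -and $pol.DisableRealtimeMonitoring -eq 1) {
    $Findings.Add('Defender policy key: DisableRealtimeMonitoring=1')
}

# 5. Wallpaper value the report says is set through the registry
$wp = Get-ItemProperty -Path 'HKCU:\Control Panel\Desktop' -Name Wallpaper -ErrorAction SilentlyContinue
if ($wp) { $Findings.Add("Current wallpaper: $($wp.Wallpaper) (verify it is the expected image)") }

# 6. Network: established/attempted connections to the C2 port and cached DNS for the C2 host
Get-NetTCPConnection -RemotePort $C2Port -ErrorAction SilentlyContinue | ForEach-Object {
    $Findings.Add("TCP to port ${C2Port}: $($_.RemoteAddress) state=$($_.State) pid=$($_.OwningProcess)")
}
Get-DnsClientCache -ErrorAction SilentlyContinue |
    Where-Object { $_.Entry -like "*$C2Host*" } |
    ForEach-Object { $Findings.Add("DNS cache: $($_.Entry) -> $($_.Data)") }

# Report
if ($Findings.Count -eq 0) {
    'No artifacts matching this report were found.'
} else {
    $Findings | ForEach-Object { "[!] $_" }
}
```

The checks are deliberately broad for the two items the report leaves unspecified (Run-key hive and Startup folder), so review the Startup-folder and wallpaper lines by hand rather than treating them as hits on their own; the install path, the Run-key value pointing at Google.exe, the Defender flags, and any connection to port 37847 are the high-confidence indicators.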

MITRE ATT&CK Enterprise v15

Tasks