General

  • Target

    1515.exe

  • Size

    346KB

  • Sample

    240421-r47w3sea3z

  • MD5

    e15aaf4124d69f37a69dcaaaa3ae91a7

  • SHA1

    9c9d8a64440572e425effbb1cf8164a0f9c0a2b3

  • SHA256

    7e54c4f16a70a0d290abf816d88928cf16061de39c15d09378248b5d1fb7304a

  • SHA512

    3882169d67702365762d427a9b7ab766e3571f85b65bd06466549ec56bf8b8ac985f11b664513c4ba0832aae645386651f492a4fa22e5ae5be0f077972e6dd2b

  • SSDEEP

    6144:hAt2bbee+GIIIIIIIhIIIIIIIIIIIIIIIU:OtMep
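
The digests above are the first thing to match against when triaging a suspect file. The following helper is an added example (not part of the sandbox report or the XWorm tooling): it hashes a file with the same four algorithms the report lists, compares case-insensitively, and splits the ssdeep string into its block size and two chunk hashes so a near-match can be attempted when exact digests fail (a re-packed build changes every digest but may keep a similar ssdeep). The hashes embedded in the block are the ones from this report; the sample bytes in the test are constructed.

```python
import hashlib

# Digests listed in this report for 1515.exe.
REPORT_HASHES = {
    "md5": "e15aaf4124d69f37a69dcaaaa3ae91a7",
    "sha1": "9c9d8a64440572e425effbb1cf8164a0f9c0a2b3",
    "sha256": "7e54c4f16a70a0d290abf816d88928cf16061de39c15d09378248b5d1fb7304a",
    "sha512": "3882169d67702365762d427a9b7ab766e3571f85b65bd06466549ec56bf8b8ac"
              "985f11b664513c4ba0832aae645386651f492a4fa22e5ae5be0f077972e6dd2b",
}
REPORT_SSDEEP = "6144:hAt2bbee+GIIIIIIIhIIIIIIIIIIIIIIIU:OtMep"
ALGORITHMS = ("md5", "sha1", "sha256", "sha512")


def hash_bytes(data):
    """Digest an in-memory blob with the four algorithms the report uses (lower-case hex)."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in ALGORITHMS}


def hash_file(path, chunk_size=1 << 20):
    """Digest a file incrementally so large samples are never read into memory at once."""
    hashers = {alg: hashlib.new(alg) for alg in ALGORITHMS}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {alg: h.hexdigest() for alg, h in hashers.items()}


def matching_algorithms(hashes, report=REPORT_HASHES):
    """Return the algorithm names whose computed digest equals the reported one.

    Comparison is case-insensitive because feeds and reports disagree on hex case.
    An empty list only means "not this exact build", not "benign"."""
    return sorted(alg for alg, digest in hashes.items()
                  if alg in report and digest.lower() == report[alg].lower())


def parse_ssdeep(value):
    """Split an ssdeep hash 'blocksize:hash1:hash2' into (blocksize, hash1, hash2).

    hash1 is computed with the stated block size and hash2 with twice that size,
    so two ssdeep values are only comparable when their block sizes are equal or
    differ by exactly a factor of two."""
    blocksize, hash1, hash2 = value.split(":", 2)
    return int(blocksize), hash1, hash2


if __name__ == "__main__":
    import sys
    for sample in sys.argv[1:]:
        digests = hash_file(sample)
        print(sample, "matches report on:", matching_algorithms(digests) or "nothing")
```

Run it as `python triage_hashes.py <file>`; it prints which of the four reported digests the file reproduces. Keep the ssdeep block size in mind before running a fuzzy comparison: a candidate with a block size of 3072 or 12288 can be compared with this sample, anything else cannot.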

Malware Config

Extracted

Family

xworm

C2

chapter-thomson.gl.at.ply.gg:33483

Attributes
  • Install_directory

    %Userprofile%

  • install_file

    steam.exe
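
Taken together, the extracted config says where this build installs itself (%Userprofile%\steam.exe) and where it calls home (a single host:port). The script below is an added example, not code from the report or from XWorm, showing how to turn those two config values into host-side hunting checks: it expands the install directory against an assumed victim profile, flags Run-key values that launch the expected path, and flags outbound connections to the configured C2. The Run-key values and connection log lines are constructed; the log format they use (`<time> <pid> <image> -> <host>:<port>`) is an assumption, not any product's native format. One caveat for pivoting: the ply.gg suffix belongs to the playit.gg tunnelling service, so the IP the hostname resolves to is a relay, and the hostname is the more stable indicator.

```python
import re

# Values from the extracted XWorm config on this page.
C2 = "chapter-thomson.gl.at.ply.gg:33483"
INSTALL_DIRECTORY = "%Userprofile%"
INSTALL_FILE = "steam.exe"

# Hypothetical victim environment, used only to expand the config.
ASSUMED_ENV = {"USERPROFILE": r"C:\Users\victim"}

# Constructed sample data standing in for HKCU\...\Run values and a connection log.
SAMPLE_RUN_VALUES = [
    ("OneDrive", r'"C:\Users\victim\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background'),
    ("steam", r'"C:\Users\victim\steam.exe"'),
]
SAMPLE_CONNECTIONS = [
    "10:02:11 4120 steam.exe -> chapter-thomson.gl.at.ply.gg:33483",
    "10:02:12 1044 svchost.exe -> 20.190.160.14:443",
    "10:02:13 4120 steam.exe -> chapter-thomson.gl.at.ply.gg:443",
]


def parse_c2(value):
    """Split an XWorm 'host:port' C2 string into [(host, port)].

    Comma-separated lists are accepted as an assumption; this report has one entry."""
    result = []
    for entry in value.split(","):
        host, _, port = entry.strip().rpartition(":")
        result.append((host.lower(), int(port)))
    return result


def expected_install_path(install_dir, install_file, env):
    """Expand %VAR% references case-insensitively and append the install file name."""
    def repl(match):
        return env.get(match.group(1).upper(), match.group(0))
    expanded = re.sub(r"%([^%]+)%", repl, install_dir)
    return expanded.rstrip("\\") + "\\" + install_file


def hunt_run_keys(run_values, install_path):
    """Return the names of Run-key values whose command references the install path."""
    target = install_path.lower()
    return [name for name, command in run_values if target in command.lower()]


def hunt_connections(log_lines, c2_list):
    """Return log lines whose destination matches a configured C2 host and port exactly."""
    wanted = set(c2_list)
    hits = []
    for line in log_lines:
        match = re.search(r"->\s*(\S+?):(\d+)\s*$", line)
        if match and (match.group(1).lower(), int(match.group(2))) in wanted:
            hits.append(line)
    return hits


def hunt(run_values=SAMPLE_RUN_VALUES, connections=SAMPLE_CONNECTIONS, env=ASSUMED_ENV):
    """Run both checks and return the findings in one dict."""
    install_path = expected_install_path(INSTALL_DIRECTORY, INSTALL_FILE, env)
    return {
        "install_path": install_path,
        "run_keys": hunt_run_keys(run_values, install_path),
        "connections": hunt_connections(connections, parse_c2(C2)),
    }


if __name__ == "__main__":
    for key, value in hunt().items():
        print(f"{key}: {value}")
```

On a real host the Run values would come from `HKCU\Software\Microsoft\Windows\CurrentVersion\Run` and the connections from whatever network telemetry is available; the matching logic stays the same. Note that the port is matched exactly: the same hostname on a different port is reported only if you widen `wanted` deliberately.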

Targets

    • Target

      1515.exe

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for a geofence.

    • Deletes itself

    • Drops startup file

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks