Overview

overview

10

Static

static

10

Nurik.exe

windows7-x64

10

Nurik.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Nurik.exe

  • Size

    56KB

  • Sample

    240427-mntbjahd5x

  • MD5

    cff83017173b31b0c7caa9237dd48e0b

  • SHA1

    01a3c20961abfea0df5c4731a50298b97219c228

  • SHA256

    74895a9bc0944ab851171983ae28e43c7da4f0ae22275d9b2d381d748020c27b

  • SHA512

    5f5f7e7b90a428bbab7836e10ecd6626fc1fbc592ef1a068cb91a69ca97e1d93d8443e36689505efa1a96987c1d7a87ad595bd662242179d479af410645bac10

  • SSDEEP

    1536:t8xdrJSsvQCb7RTkMeLQ+bV889z+ACOe00/:kd9SedZkr8+bV9zDCOeR/

Score
10/10
xwormpersistencerattrojan

Malware Config

Extracted

Family

xworm

C2

127.0.0.1:6522

5.39.43.50:6522
Attributes
  • Install_directory

    %AppData%

  • install_file

    XClient.exe

Targets

    • Target

      Nurik.exe

    • Size

      56KB

    • MD5

      cff83017173b31b0c7caa9237dd48e0b

    • SHA1

      01a3c20961abfea0df5c4731a50298b97219c228

    • SHA256

      74895a9bc0944ab851171983ae28e43c7da4f0ae22275d9b2d381d748020c27b

    • SHA512

      5f5f7e7b90a428bbab7836e10ecd6626fc1fbc592ef1a068cb91a69ca97e1d93d8443e36689505efa1a96987c1d7a87ad595bd662242179d479af410645bac10

    • SSDEEP

      1536:t8xdrJSsvQCb7RTkMeLQ+bV889z+ACOe00/:kd9SedZkr8+bV9zDCOeR/

    Score
    10/10
    xwormpersistencerattrojan

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

      trojanratxworm

    • Drops startup file

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks