Overview

overview

10

Static

static

1

0dcadb6b3b...cs.exe

windows7-x64

10

0dcadb6b3b...cs.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    0dcadb6b3bc2d3a109891af0e2d44c70_NeikiAnalytics

  • Size

    8.6MB

  • Sample

    240509-17yx1shf4y

  • MD5

    0dcadb6b3bc2d3a109891af0e2d44c70

  • SHA1

    a24bbf9768220afe7066b6d9567523e97a124458

  • SHA256

    a83d9be8a4466699a75dde9699fa632ee75704596f501b1da6f095717dff9541

  • SHA512

    2f15e998ce6a4bd7f743c85b371d427e2572ac805db9207772f8772d97aad868ae88fdc28836970e6a1cc4a9ceb20b1766497957d0ef6939e37a544427db2c82

  • SSDEEP

    196608:yMvz1YfOi2xki3ZSzMQcI11G5ChE3WjcpPP1sw2UMj1fAOyTZbdMvDlY9meYaRXI:yMvz1YfOi2xki3ZSzMQcI11G5ChE3WjT

Score
10/10
xwormzgratpersistencerattrojan

Malware Config

Extracted

Family

xworm

Version

5.0

C2

91.92.253.87:1291

Mutex

aliSaYgMg2ZAwhna

Attributes
  • install_file

    USB.exe

aes.plain

Targets

    • Target

      0dcadb6b3bc2d3a109891af0e2d44c70_NeikiAnalytics

    • Size

      8.6MB

    • MD5

      0dcadb6b3bc2d3a109891af0e2d44c70

    • SHA1

      a24bbf9768220afe7066b6d9567523e97a124458

    • SHA256

      a83d9be8a4466699a75dde9699fa632ee75704596f501b1da6f095717dff9541

    • SHA512

      2f15e998ce6a4bd7f743c85b371d427e2572ac805db9207772f8772d97aad868ae88fdc28836970e6a1cc4a9ceb20b1766497957d0ef6939e37a544427db2c82

    • SSDEEP

      196608:yMvz1YfOi2xki3ZSzMQcI11G5ChE3WjcpPP1sw2UMj1fAOyTZbdMvDlY9meYaRXI:yMvz1YfOi2xki3ZSzMQcI11G5ChE3WjT

    Score
    10/10
    xwormzgratpersistencerattrojan

    • Detect Xworm Payload

    • Detect ZGRat V1

    • Xworm

      Xworm is a remote access trojan written in C#.

      trojanratxworm

    • ZGRat

      ZGRat is remote access trojan written in C#.

      ratzgrat

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks