General
-
Target
e01f8eba926374edca52502c8fb760cc1ac5fb70bd94c57123b05060fef13577
-
Size
1.1MB
-
Sample
240521-eh5tdagf53
-
MD5
5394d35793386641283a5bb8eae359c2
-
SHA1
78a477bc165707e1f3d6b2ce2b70aa73ffbafa23
-
SHA256
e01f8eba926374edca52502c8fb760cc1ac5fb70bd94c57123b05060fef13577
-
SHA512
28dda180125dd48cfac34d37e5601a5fe47ac38f2d677fd15388602fb0526f402dbf5052327b9f2700d9ecf18e95003519accfd471abae6d780edf8188bb7764
-
SSDEEP
24576:dkNGq8rz/q6tsP05X+ef1XeMiQA+NLVtk2Otk:YGpz5X+e9TNE2O+
Malware Config
Extracted
xworm
5.0
79.110.49.133:5700
Bg9JRZDpyEfXxrAy
-
install_file
USB.exe
Targets
-
-
Target
e01f8eba926374edca52502c8fb760cc1ac5fb70bd94c57123b05060fef13577
-
Size
1.1MB
-
MD5
5394d35793386641283a5bb8eae359c2
-
SHA1
78a477bc165707e1f3d6b2ce2b70aa73ffbafa23
-
SHA256
e01f8eba926374edca52502c8fb760cc1ac5fb70bd94c57123b05060fef13577
-
SHA512
28dda180125dd48cfac34d37e5601a5fe47ac38f2d677fd15388602fb0526f402dbf5052327b9f2700d9ecf18e95003519accfd471abae6d780edf8188bb7764
-
SSDEEP
24576:dkNGq8rz/q6tsP05X+ef1XeMiQA+NLVtk2Otk:YGpz5X+e9TNE2O+
Score10/10-
Detect Xworm Payload
-
UAC bypass
-
Windows security bypass
-
Xworm
Xworm is a remote access trojan written in C#.
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Windows security modification
-
Checks whether UAC is enabled
-
Suspicious use of SetThreadContext
-