General

  • Target

    4cb64d17a61ef8b9e07bc3497e948e8116c05b07f1710d38c8b6bcdbb47ae4df

  • Size

    156KB

  • Sample

    240525-1ac92sah9t

  • MD5

    5cb2a2af94232cfc857b410de8acb617

  • SHA1

    cafa9b9a5c754e1476380069d97ff2e64e99d560

  • SHA256

    4cb64d17a61ef8b9e07bc3497e948e8116c05b07f1710d38c8b6bcdbb47ae4df

  • SHA512

    680e92a13f7de11cac0b5825071ec1914918c3c1802fa566ad115bf2a9120f27c537270ff0eed3aafad2eb87f72b08113147645e459f7c625f60b0e17230613c

  • SSDEEP

    3072:ZZPPBDCakbgwtat19bxROHzvM+lmsolAIrRuw+mqv9j1MWLQJ:ZHYbTazV+lDAA

Score
10/10

Malware Config

Extracted

Family

xworm

C2

23.26.201.211:58001

Attributes
  • install_file

    USB.exe

Targets

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

    • Detects Windows executables referencing non-Windows User-Agents
