General

  • Target

    2024-05-26_7f703e6f99853dbb7b04afb02ce395e0_hiddentear

  • Size

    140KB

  • Sample

    240526-bz3tkaab3t

  • MD5

    7f703e6f99853dbb7b04afb02ce395e0

  • SHA1

    76908967e8162705d68336ab6635818d3834b314

  • SHA256

    7fc20144378247008ef665d5e660c2cb5a3ef3498b4536447ffb26b852d553b1

  • SHA512

    6478c45d3f4d9cfac080504d3200bff334265b988d3ae9075605be5a4b1d56ebcde7e528d0c6eb965fca192a73e0ecfedd36140e76922989f29aeec2ad12646b

  • SSDEEP

    3072:+nJUFq9i2Os8M+lmsolAIrRuw+mqv9j1MWLQe:+JOq97+lDAA

Malware Config

Extracted

  • Family

    xworm

  • Version

    3.1

  • C2

    45.81.150.172:7000

  • Mutex

    6n3Jhpot6p61GoJO

  • Attributes

    • Install_directory

      %AppData%

    • install_file

      USB.exe

  • aes.plain

Targets

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

    • Detects Windows executables referencing non-Windows User-Agents

    • Detects executables using Telegram Chat Bot

    • Drops startup file

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks