General

  • Target

    d165f1b3af71537b15df8d546ce3040559f144db143255c6b88227e058d22179

  • Size

    30KB

  • Sample

    240527-dg9khaeh52

  • MD5

    95679c7414e944cf1ed0402c63192a88

  • SHA1

    50d870dbcd84c87b14618ea61c4b06d231a50747

  • SHA256

    d165f1b3af71537b15df8d546ce3040559f144db143255c6b88227e058d22179

  • SHA512

    4a530986be5e8aca279049258c1f64d719a2dabdc6f0195fd6441a41851ff2815df3ff99f81a57d999248843ef57bc68f4f2a3f78cde5dd511d823a865ad088f

  • SSDEEP

    384:e7wTA+5OfPgEBQqWvfcQLZe3s80hYACSqRFYjY2uRugtFuBLTIOZw/WVnvn9IkVJ:ArgECfLH8MYAoRF72uBFE9RFOqh/bp

Score
10/10

Malware Config

Extracted

Family

xworm

Version

3.1

C2

academic-whereas.gl.at.ply.gg:62978

Mutex

jm6ucCuyeSYNhySg

Attributes
  • install_file

    USB.exe

aes.plain

Targets

    • Target

      d165f1b3af71537b15df8d546ce3040559f144db143255c6b88227e058d22179

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

    • Detects Windows executables referencing non-Windows User-Agents
