General

  • Target

    checker.exe

  • Size

    84KB

  • Sample

    240530-bw79wahf3x

  • MD5

    b8da5a392ebefed4b9445d75f2f0073b

  • SHA1

    7b8090b749a48ae5cc54c69f98ab3ec80e5db6d2

  • SHA256

    442d059b587fe5bbe2177d96960040e5e9988565536829b8ad2a4019824cce44

  • SHA512

    1d44dcc131402513f231db514796f0e9280e3f173fbc0369a517c7104127f8ead0bcea1a00eaf4a2aacc7ed21bfdb025ba6087a0fdd50848ae75e9ccd0248e0f

  • SSDEEP

    1536:yw4CEgXnzFM8CUxcPwKwZJG+bWfrZ+QlzWmO/hZaeSMEFpETk:VFXn1noOrG+bWf1zHOpZaeFEFpYk

Malware Config

Extracted

Family

xworm

C2

127.0.0.1:1111

tel-form.gl.at.ply.gg:1111

Attributes
  • Install_directory

    %AppData%

  • install_file

    discord.exe

Targets

    • Target

      checker.exe

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

    • Drops startup file

    • Adds Run key to start application
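
The extracted config and the two persistence signatures above give everything needed to hunt this sample on an endpoint: the file hash, the drop location (%AppData% resolves to ...\AppData\Roaming, so the copy lands at %AppData%\discord.exe), a Run key pointing at that copy, and two C2 endpoints on port 1111 (tel-form.gl.at.ply.gg is a playit.gg tunnel hostname, so the operator's real address sits behind the tunnel service). The script below is an added example written for this page, not part of the sandbox report or of any vendor tooling. It runs those indicators over constructed Sysmon-style key=value event lines (process create, file create, registry value set, DNS query, network connect); the events, user name and SID are made up, only the indicators come from the report. It deliberately matches the install path on the Roaming directory rather than the bare file name, because a genuine Discord install lives under %LocalAppData%\Discord\app-<version>\Discord.exe and must not fire.

```python
"""Detection logic for the XWorm indicators in this report.

Added example for this page, not part of the sandbox report or of any vendor
tooling. The event lines below are constructed in a Sysmon-like key=value
layout; none of them were captured from the sample.
"""
import re
from typing import Dict, Iterable, List, Tuple

# Indicators copied from the report (extracted config and file hashes).
SHA256 = "442d059b587fe5bbe2177d96960040e5e9988565536829b8ad2a4019824cce44"
C2_HOSTS = {"127.0.0.1", "tel-form.gl.at.ply.gg"}
C2_PORT = "1111"
# %AppData% is ...\AppData\Roaming, so the install path is %AppData%\discord.exe.
# Matching on the directory, not just the file name, keeps a real Discord
# install (%LocalAppData%\Discord\app-*\Discord.exe) from firing.
INSTALL_SUFFIX = "\\appdata\\roaming\\discord.exe"
RUN_KEY = "\\software\\microsoft\\windows\\currentversion\\run\\"

_KV = re.compile(r"(\w+)=(\S+)")


def parse(line: str) -> Dict[str, str]:
    """Turn one 'Key=Value Key=Value' event line into a dict (values hold no spaces)."""
    return dict(_KV.findall(line))


def match(ev: Dict[str, str]) -> List[str]:
    """Return the names of every indicator rule the event satisfies."""
    eid = ev.get("EventID")
    low = {k: v.lower() for k, v in ev.items()}
    hits = []
    # Sysmon 1 (process create): the sample's own SHA256.
    if eid == "1" and SHA256 in low.get("Hashes", ""):
        hits.append("xworm_sample_hash")
    # Sysmon 11 (file create): payload copied to %AppData%\discord.exe.
    if eid == "11" and low.get("TargetFilename", "").endswith(INSTALL_SUFFIX):
        hits.append("xworm_install_drop")
    # Sysmon 13 (registry value set): Run key pointing at the installed copy.
    if (eid == "13" and RUN_KEY in low.get("TargetObject", "")
            and low.get("Details", "").endswith(INSTALL_SUFFIX)):
        hits.append("xworm_run_key")
    # Sysmon 22 (DNS query): lookup of the tunnel hostname from the config.
    if eid == "22" and low.get("QueryName") in C2_HOSTS:
        hits.append("xworm_c2_dns")
    # Sysmon 3 (network connect): a configured C2 host on port 1111.
    if eid == "3" and ev.get("DestinationPort") == C2_PORT and (
            low.get("DestinationIp") in C2_HOSTS
            or low.get("DestinationHostname") in C2_HOSTS):
        hits.append("xworm_c2_connect")
    return hits


def hunt(lines: Iterable[str]) -> List[Tuple[str, str]]:
    """Return (rule, Image) pairs for every event that matches an indicator."""
    out = []
    for line in lines:
        ev = parse(line)
        for rule in match(ev):
            out.append((rule, ev.get("Image", "?")))
    return out


# Constructed events modelled on the behaviour this report describes.
SAMPLE_EVENTS = [
    "EventID=1 Image=C:\\Users\\bob\\Downloads\\checker.exe "
    "Hashes=SHA256=" + SHA256,
    "EventID=11 Image=C:\\Users\\bob\\Downloads\\checker.exe "
    "TargetFilename=C:\\Users\\bob\\AppData\\Roaming\\discord.exe",
    "EventID=13 Image=C:\\Users\\bob\\Downloads\\checker.exe "
    "TargetObject=HKU\\S-1-5-21-1\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\discord "
    "Details=C:\\Users\\bob\\AppData\\Roaming\\discord.exe",
    "EventID=22 Image=C:\\Users\\bob\\AppData\\Roaming\\discord.exe "
    "QueryName=tel-form.gl.at.ply.gg",
    "EventID=3 Image=C:\\Users\\bob\\AppData\\Roaming\\discord.exe "
    "DestinationIp=127.0.0.1 DestinationPort=1111",
    # Benign: a real Discord install under %LocalAppData% must not fire.
    "EventID=1 Image=C:\\Users\\bob\\AppData\\Local\\Discord\\app-1.0.9\\Discord.exe "
    "Hashes=SHA256=0000000000000000000000000000000000000000000000000000000000000000",
]

if __name__ == "__main__":
    for rule, image in hunt(SAMPLE_EVENTS):
        print(f"{rule:20} {image}")
```

Running it lists five hits, three from the dropper (hash, drop, Run key) and two from the installed copy (DNS lookup, connection on 1111), and nothing for the legitimate Discord process. The 127.0.0.1 entry is kept in the host set only so the rule mirrors the extracted config; in production telemetry a loopback connection on 1111 is a weak signal on its own and should be combined with the path or registry rule.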
