General

  • Target

    60a7bb9a23063c25fb08acd237e4f8e0_NeikiAnalytics.exe

  • Size

    397KB

  • Sample

    240530-c1r9wscc77

  • MD5

    60a7bb9a23063c25fb08acd237e4f8e0

  • SHA1

    9a29498ee19614179b7714d947af902c95d2baaa

  • SHA256

    28c11a6c809352e442fd43a0925662bc8e99f5eca9e6b8013b0282fbbd0d5715

  • SHA512

    18ad895ee8cfc051d1e5a9e05b6b5fe284a1036291a796247e32028d8b6ace4e5e23f07444cb26e371df5e8496076f1b77353169a9b9c2d8ac7688179b26365d

  • SSDEEP

    12288:zKXamgUT3XjGJyaqDopXWXOUm40yBjKtI:m1

Score
10/10

Malware Config

Extracted

Family

xworm

C2

14.225.208.87:7000

Attributes
  • install_file

    USB.exe

  • telegram

    https://api.telegram.org/bot7045349621:AAEWXdu0-qUzFsivslR6_C1V9v4OITy8iuw/sendMessage?chat_id=1143992330

Targets

    • Target

      60a7bb9a23063c25fb08acd237e4f8e0_NeikiAnalytics.exe

    • Size

      397KB

    • MD5

      60a7bb9a23063c25fb08acd237e4f8e0

    • SHA1

      9a29498ee19614179b7714d947af902c95d2baaa

    • SHA256

      28c11a6c809352e442fd43a0925662bc8e99f5eca9e6b8013b0282fbbd0d5715

    • SHA512

      18ad895ee8cfc051d1e5a9e05b6b5fe284a1036291a796247e32028d8b6ace4e5e23f07444cb26e371df5e8496076f1b77353169a9b9c2d8ac7688179b26365d

    • SSDEEP

      12288:zKXamgUT3XjGJyaqDopXWXOUm40yBjKtI:m1

    Score
    10/10
    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

    • Uses the VBS compiler for execution

    • Suspicious use of SetThreadContext
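
The extracted config (C2 14.225.208.87:7000, install_file USB.exe, the Telegram bot URL) and the behaviour signatures above are what an analyst turns into hunting logic. The script below is an added example, not part of the sandbox report or of XWorm itself: it parses the Telegram bot URL into a stable bot id and chat_id, derives indicators from the config, and runs them over constructed telemetry (the events, host names and paths are invented for the example). The vbc.exe rule encodes the "Uses the VBS compiler for execution" signature as "vbc.exe spawned by a parent under AppData"; the SetThreadContext signature needs API-level telemetry and is not modelled here.

```python
"""Turn the extracted XWorm config into indicators and scan constructed telemetry.
Added example; not code from the sandbox report."""
from dataclasses import dataclass
from urllib.parse import urlparse, parse_qs

# Values taken from the report's "Malware Config" section.
CONFIG = {
    "family": "xworm",
    "c2": "14.225.208.87:7000",
    "install_file": "USB.exe",
    "telegram": "https://api.telegram.org/bot7045349621:AAEWXdu0-qUzFsivslR6_C1V9v4OITy8iuw/sendMessage?chat_id=1143992330",
}


def parse_telegram(url):
    """Split a Telegram Bot API URL into host, bot id, token and chat_id.
    The numeric bot id before ':' survives token rotation, so it is the part worth pivoting on."""
    u = urlparse(url)
    first = u.path.lstrip("/").split("/", 1)[0]      # "bot<id>:<secret>"
    token = first[3:] if first.startswith("bot") else first
    bot_id = token.split(":", 1)[0]
    chat_id = parse_qs(u.query).get("chat_id", [None])[0]
    return {"host": u.hostname, "bot_id": bot_id, "token": token, "chat_id": chat_id}


def build_iocs(config):
    """Derive matchable indicators from an extracted config dict."""
    ip, port = config["c2"].rsplit(":", 1)
    tg = parse_telegram(config["telegram"])
    return {
        "c2_ip": ip, "c2_port": int(port),
        "tg_bot_id": tg["bot_id"], "tg_chat_id": tg["chat_id"],
        "install_file": config["install_file"].lower(),
    }


@dataclass
class Hit:
    rule: str
    event: dict


def match(event, iocs):
    """Return the rule name an event trips, or None."""
    t = event["type"]
    if t == "net" and event["dst"] == iocs["c2_ip"] and event["dport"] == iocs["c2_port"]:
        return "xworm_c2_beacon"
    if t == "http" and event["host"] == "api.telegram.org" and f"/bot{iocs['tg_bot_id']}:" in event["path"]:
        return "telegram_bot_exfil"
    # "Uses the VBS compiler for execution": vbc.exe started from a user-writable path is the
    # classic hollowing host; a build tool or IDE as parent is the benign case.
    if t == "proc" and event["image"].lower().endswith("\\vbc.exe") and "\\appdata\\" in event["parent"].lower():
        return "vbc_spawned_from_appdata"
    if t == "file" and event["path"].lower().endswith("\\" + iocs["install_file"]):
        return "install_file_dropped"
    return None


def scan(events, iocs):
    """Run every event through match() and keep the hits in input order."""
    return [Hit(r, e) for e in events if (r := match(e, iocs))]


# Constructed telemetry for the example; not taken from the report.
SAMPLE_EVENTS = [
    {"type": "net", "src": "10.0.0.12", "dst": "14.225.208.87", "dport": 7000},
    {"type": "net", "src": "10.0.0.12", "dst": "14.225.208.87", "dport": 443},   # same IP, other port
    {"type": "http", "host": "api.telegram.org",
     "path": "/bot7045349621:AAEWXdu0-qUzFsivslR6_C1V9v4OITy8iuw/sendMessage"},
    {"type": "http", "host": "api.telegram.org", "path": "/bot1234567890:zzz/getUpdates"},  # unrelated bot
    {"type": "proc", "parent": "C:\\Users\\u\\AppData\\Roaming\\USB.exe",
     "image": "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\vbc.exe"},
    {"type": "proc", "parent": "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\MSBuild.exe",
     "image": "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\vbc.exe"},   # benign compile
    {"type": "file", "path": "C:\\Users\\u\\AppData\\Roaming\\USB.exe"},
]

if __name__ == "__main__":
    for h in scan(SAMPLE_EVENTS, build_iocs(CONFIG)):
        print(h.rule, h.event)
```

The C2 rule deliberately requires both IP and port; loosening it to IP only catches operators who move ports but also flags unrelated traffic to a shared host, so decide that per environment. Matching the Telegram path on the bot id rather than the full token keeps the rule alive after a token rotation, while the chat_id from the config is the pivot to correlate other samples by the same operator.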

MITRE ATT&CK Enterprise v15

Tasks