General

  • Target

    b757b5a639337c598a63ecab69eee59d904bc34958dc3d0a26158f71b2f2779c

  • Size

    184KB

  • Sample

    240530-ckpttsbf86

  • MD5

    32d21547c3326ff0d4c3223602de9dd2

  • SHA1

    8539651d4240074a2d6715a0fd22d0563a01099d

  • SHA256

    b757b5a639337c598a63ecab69eee59d904bc34958dc3d0a26158f71b2f2779c

  • SHA512

    89fa5f3e3cd7750745868031eb616afe133fafb69ef5ac93de75bdca04596217da51b8ab7f41f51fd4dc57ed27b3c1462e8ab8f8c356f9d5f88a67c1fbcfe023

  • SSDEEP

    1536:ynxEEkGkOkLwnA7H+dAab2MHLCS3aG/OfcifRbpysa7iAM8:y+ERVxADAHb2MH88OfcifBpYuAL

Score
10/10

Malware Config

Extracted

Family

xworm

C2

127.0.0.1:7000

Attributes
  • install_file

    USB.exe

Targets

    Score
    10/10
    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

    • Detects Windows executables referencing non-Windows User-Agents

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
