General

  • Target

    Crack nursultan Alpha.exe.exe

  • Size

    56KB

  • Sample

    240530-cm2amsag81

  • MD5

    08c6fd86950ec04dd74a3e0f073630a8

  • SHA1

    303ca55d2c29cb4f7f7c98df079287a4831ce999

  • SHA256

    2d89d2aab7dd658f15e2c0ed4fb85ecdb98b139d41fcd6e53a35dbaaf3584919

  • SHA512

    81f00417e31c17eb9fe9c2e217c7229c061dc800d2677ebc61fc30b6e2efd3a2234f46ca51e25e43f49baa74c655dc6ca1a17645dec469f155b0748bf3751f90

  • SSDEEP

    1536:FES8aaheQ+AiqBrnuL0+VsbNEA4jXO2XYypFpETk:FES5qE0xbNUXO8tpFpYk

Malware Config

Extracted

Family

xworm

C2

127.0.0.1:2421

tel-form.gl.at.ply.gg:2421

Attributes

  • Install_directory

    %AppData%

  • install_file

    discord.exe

Targets

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

    • Drops startup file

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks