General

  • Target

    Nursultan Crack.exe

  • Size

    75KB

  • Sample

    240530-dfmpcach87

  • MD5

    718d835e956bf992d74d031070750ccd

  • SHA1

    8a8be000621049c6d82ef19c5df1c87f8663284b

  • SHA256

    6718f70bc6681d4aa51f9a14dd7d13b889207f06d1f6022a50f9d99a5f03d86a

  • SHA512

    1e624cbcf80db295371c98b04a479e175dd97496cc0eca8b44d916f99951bb98f1890d073c9b6af7f0ba50f69dbf4122791baee41070d359db53294b33164b8d

  • SSDEEP

    1536:klFdpG4JVa2QjuN67/NUavqnWd+bKNX49Y5OO3HFmqiFpETW:klEQNy/NLiG+bKkTO3HFfiFpYW

Malware Config

Extracted

Family

xworm

C2

127.0.0.1:1111

tel-form.gl.at.ply.gg:1111

Attributes

  • Install_directory

    %AppData%

  • install_file

    discord.exe

Targets

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

    • Drops startup file

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks