General

  • Target

    2024-05-30_f189d5cd0a010355a57583247f386c41_hiddentear

  • Size

    162KB

  • Sample

    240530-e69r8sfg47

  • MD5

    f189d5cd0a010355a57583247f386c41

  • SHA1

    72c0849b4b0639582220b39b21a55b0bc287e56a

  • SHA256

    d77887e43b9073cfbb4eb4fecb647c002fc71cd7fe528bacedd78c08e9f4664a

  • SHA512

    ce9d145552e5782303db84d84c5915771bfd166660728b4508acc6ec6a832a5e7fe501aac736ed3c5d52aced2b1f1235e04a1388e9cdb7790cdec6b80ea09e4d

  • SSDEEP

    3072:OauONY0bWpbxfl4HHOgs+M+lmsolAIrRuw+mqv9j1MWLQd:JTqbIHOd+lDAA

Malware Config

Extracted

Family

xworm

C2

127.0.0.1:1010 (loopback address: this build's C2 points at the infected host itself, so no outbound beacon to a remote server is expected from this configuration)

Attributes
  • Install_directory

    %AppData%

  • install_file

    mobejaia.exe

Targets

    • Target

      2024-05-30_f189d5cd0a010355a57583247f386c41_hiddentear

    • Size

      162KB

    • MD5

      f189d5cd0a010355a57583247f386c41

    • SHA1

      72c0849b4b0639582220b39b21a55b0bc287e56a

    • SHA256

      d77887e43b9073cfbb4eb4fecb647c002fc71cd7fe528bacedd78c08e9f4664a

    • SHA512

      ce9d145552e5782303db84d84c5915771bfd166660728b4508acc6ec6a832a5e7fe501aac736ed3c5d52aced2b1f1235e04a1388e9cdb7790cdec6b80ea09e4d

    • SSDEEP

      3072:OauONY0bWpbxfl4HHOgs+M+lmsolAIrRuw+mqv9j1MWLQd:JTqbIHOd+lDAA

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

    • Detects Windows executables referencing non-Windows User-Agents

    • Command and Scripting Interpreter: PowerShell

Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Command and Scripting Interpreter: PowerShell

Runs PowerShell with a hidden display window.

    • Checks computer location settings

Looks up the country code configured in the registry, likely a geofence check.

    • Drops startup file

    • Executes dropped EXE

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
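The behaviours listed above (Defender exclusions via PowerShell, a hidden PowerShell window, a Run key pointing at the %AppData% install file, and an external IP lookup) can be expressed as simple rules over endpoint telemetry. The following is an added detection example written for this page, not code from the sandbox or from Xworm; the event records, field names and the list of IP-lookup hosts are constructed assumptions, and only the install directory and file name come from the extracted config above.

```python
import re

# Values taken from this report's extracted config; everything else is constructed.
INSTALL_DIR = "%AppData%"
INSTALL_FILE = "mobejaia.exe"

POWERSHELL = re.compile(r"(?:^|\\)(?:powershell|pwsh)\.exe$", re.I)
# Add-MpPreference with any of the three exclusion parameters named in the report.
MP_EXCLUSION = re.compile(r"add-mppreference\b.*?-exclusion(?:path|extension|process)", re.I)
# powershell.exe accepts unambiguous prefixes, so -w h, -win hid and -WindowStyle Hidden
# all hide the window; the pattern is deliberately loose to catch those abbreviations.
HIDDEN_WINDOW = re.compile(r"(?:^|\s)-w[a-z]*\s+h[a-z]*(?:\s|$)", re.I)
RUN_KEY = re.compile(r"\\software\\microsoft\\windows\\currentversion\\run(?:once)?\\", re.I)
# Public IP lookup services commonly used by malware to learn the victim's egress address
# (assumed list, not from the report).
IP_LOOKUP_HOSTS = {
    "api.ipify.org", "ipinfo.io", "icanhazip.com",
    "checkip.amazonaws.com", "ip-api.com", "ifconfig.me",
}


def check_process(ev):
    """Rules over a process-creation event: {'image': ..., 'cmdline': ...}."""
    hits = []
    if not POWERSHELL.search(ev["image"]):
        return hits
    cmd = ev["cmdline"]
    if MP_EXCLUSION.search(cmd):
        hits.append("defender_exclusion_via_powershell")
    if HIDDEN_WINDOW.search(cmd):
        hits.append("hidden_powershell_window")
    return hits


def check_registry(ev):
    """Rules over a registry value-set event: {'key': ..., 'data': ...}."""
    hits = []
    if RUN_KEY.search(ev["key"]):
        hits.append("run_key_added")
        data = ev["data"].lower()
        # Tie the persistence entry back to the install path from the extracted config.
        if INSTALL_FILE in data and INSTALL_DIR.strip("%").lower() in data:
            hits.append("run_key_points_to_xworm_install_file")
    return hits


def check_dns(ev):
    """Rules over a DNS query event: {'query': ...}."""
    return ["external_ip_lookup"] if ev["query"].lower() in IP_LOOKUP_HOSTS else []


CHECKS = {"process": check_process, "registry": check_registry, "dns": check_dns}


def detect(events):
    """Return (event index, rule name) pairs for every rule that fires."""
    findings = []
    for i, ev in enumerate(events):
        for rule in CHECKS.get(ev["type"], lambda e: [])(ev):
            findings.append((i, rule))
    return findings


# Constructed sample telemetry (not from the sandbox run) mirroring the report's signatures.
SAMPLE_EVENTS = [
    {"type": "process",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": r"powershell -w hidden -nop -c Add-MpPreference -ExclusionPath C:\Users\victim\AppData\Roaming\mobejaia.exe"},
    {"type": "process",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": "powershell.exe -Command Get-Process"},
    {"type": "registry",
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\mobejaia",
     "data": r"C:\Users\victim\AppData\Roaming\mobejaia.exe"},
    {"type": "registry",
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced",
     "data": "1"},
    {"type": "dns", "query": "api.ipify.org"},
    {"type": "dns", "query": "www.microsoft.com"},
]

if __name__ == "__main__":
    for idx, rule in detect(SAMPLE_EVENTS):
        print(f"event {idx}: {rule}")
```

The Run key rule fires on any new Run/RunOnce value and adds a second, higher-confidence rule only when the data points at the install file under the install directory from the config; the geofence registry read is left out because value reads are not normally logged by Sysmon-style telemetry.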

MITRE ATT&CK Enterprise v15