Resubmissions

31-05-2024 17:20

240531-vwxmxsfh34 10

General

  • Target

    roblox.exe

  • Size

    33KB

  • Sample

    240531-vwxmxsfh34

  • MD5

    0468121c50e4327184a4fc8a13ea084c

  • SHA1

    dbeb5e6dac2c0b7620f9c968cb178f02c5a36557

  • SHA256

    be71f93f8e0bff999fe1dbcf880304080de1ade76e4d98a2939cac6c1437249f

  • SHA512

    147df054ce943c205de5f57ab86c461b9e07317fae490d93230b198e28e359fb543c7df926ff8df755f77d97be5c339a0e77521346bc002a4b3037d36ce7a459

  • SSDEEP

    384:Al+PkjD9+E5MFs7iui8L7zJM42pfL3iB7OxVqWFiRApkFXBLTsOZwpGN2v99Ikud:0+CD93W03O42JiB70SVF49jOOjhTbg

Score
10/10

Malware Config

Extracted

Family

xworm

Version

5.0

C2

//5.tcp.eu.ngrok.io:18580

Mutex

Mm5zExDA2TE4MpTP

Attributes
  • install_file

    USB.exe

aes.plain

Targets

    • Target

      roblox.exe

    • Size

      33KB

    Score
    10/10
    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.
