General
Target: PlayerTracker.exe
Size: 81KB
Sample: 240608-ajhysaed4y
MD5: e5dfe8f83fca027dea3ecc628e7850c4
SHA1: f2194b4613aedb8702cc161b9670e8dc1b978b88
SHA256: 7e658ae627231fa666375b4588278cc20568a9862b19b268e12f8f4e468bacb3
SHA512: 8dddbf96ace41924158553a99b81694a44d4b683790697cc631a367729850aae929e6aa82fbd3e6157b7815a0039c152616f04d4f5f5defbc0e7b7e850ab323c
SSDEEP: 1536:h7W0MC2QDUscAA+mJ7uWBHd1bw+brJcYVYrp8E9dqiqaqOQtDvejyjDpE:hwCrDTPADJ7v/M+brKCOQgmjNE
Behavioral task
behavioral1
Sample: PlayerTracker.exe
Resource: win11-20240426-en
Malware Config
Extracted: xworm
Install_directory: %AppData%
install_file: XClient.exe
pastebin_url: https://pastebin.com/raw/Xei4S8Yz
Targets
Target: PlayerTracker.exe
Size: 81KB
MD5: e5dfe8f83fca027dea3ecc628e7850c4
SHA1: f2194b4613aedb8702cc161b9670e8dc1b978b88
SHA256: 7e658ae627231fa666375b4588278cc20568a9862b19b268e12f8f4e468bacb3
SHA512: 8dddbf96ace41924158553a99b81694a44d4b683790697cc631a367729850aae929e6aa82fbd3e6157b7815a0039c152616f04d4f5f5defbc0e7b7e850ab323c
SSDEEP: 1536:h7W0MC2QDUscAA+mJ7uWBHd1bw+brJcYVYrp8E9dqiqaqOQtDvejyjDpE:hwCrDTPADJ7v/M+brKCOQgmjNE
Score: 10/10
- Contains code to disable Windows Defender
  A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.
- Detect Xworm Payload
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
- Legitimate hosting services abused for malware hosting/C2