General

  • Target: main.rar
  • Size: 1.2MB
  • Sample: 240614-ezzzfsvekh
  • MD5: 1d3810b4b5ff911729c4a5570e4f93f9
  • SHA1: 349ded523e9019061fafb0249082e62ca9366712
  • SHA256: aeab4b66da21ca4ff328d202cb2db093849448b968fa12099ff10f23e19dc60e
  • SHA512: 5dd7f54018df357b6c15e5b367ec09fc579e17b458b48fc7a8c017982c0ca0f084b0c00fdddacd300708385c7356ef94f9960abba34b4379c3bced0f2e61fc74
  • SSDEEP: 24576:a6TD87frfThI4dqvQWTicH0QBEalE8gxKlVtwn5vn+MS9NQYBNUFZQJ2wC8D:ak8fBVdqBHVB/ETxgtwn5kZvEKJ24D

Malware Config

Extracted

  • Family: xworm
  • C2: gift-scientists.gl.at.ply.gg:20443
  • Attributes
    • Install_directory: %AppData%
    • install_file: scvhost.exe

Targets

    • Target: main/VapeProtecion.dll
    • Size: 116KB
    • MD5: 3a83c36b9906297c92ff29b2d89ed243
    • SHA1: 12d97851b68cdd175d0b262764e9e69d9c666918
    • SHA256: 25b940a7a9a86d5b00bce52315332fa313ef583159486c5bc7147e9c8ce845bb
    • SHA512: 73a8b7d72255b7a53bb7d033c50746d69496d9cfab7960f5f416928b16b69fc644811eed489e43cee8e5670f4bd320a12324d4b6e47e5839223ee99ae94c65f6
    • SSDEEP: 3072:rmcqYHq7Aiytzg2ScpvgJcG5sqYX6UoHrlBS:K0Hq7AiyegZgJZSXwLH

    Score: 1/10

    • Target: main/main.v1.exe
    • Size: 1.2MB
    • MD5: dc34a8f3b65df10c070951e4badc0dc4
    • SHA1: cf3f53df78152e416ae517dd09a2d8e874c3cb05
    • SHA256: 6666c3ef1bb36779fd6725d4ec308dd4a5a7677931844691d1d3fdba46c3278f
    • SHA512: a52afa789dc5ac42c50a2364c2d9e8138aaee833ac4e266f99473a01412e46fcbfa3351adf538ec023df13234203b90c0b8d3e429155b4515da1210657f9e008
    • SSDEEP: 24576:vGjmmvk+tKHCeYhDM/gRZGJ1FkRlqY3Jna5ptgJBXc1mz7MljDBdUaUk/0nF:+6mvoieODMo/GJQoYpantgbv81ck0n

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Executes dropped EXE

MITRE ATT&CK Enterprise v15

Tasks