General
Target: Hack.exe
Size: 35KB
Sample: 240615-qxeraasdrc
MD5: 097ba10f6ae6cfd00f0b0f523c017753
SHA1: f732cb24cdb9ef1a37801955ad543bf74f6dcca7
SHA256: ecb008f01f38681711f25f81a65a3687959696f2d6de2eb33ebf0268f1accf01
SHA512: b8e76e897a4bba88d0bb216c16cfb61141ee5cc7e1f7f57af0c98e718856ac0efb72a346b5aeaab34dec6ddcfbfb535cfb40ed518a5f76ea6b073d82d5023af6
SSDEEP: 768:3oHv9ouQGV4hiQfCYzZ4mVFy+9FcLOjh1OEy:3oHloq4hVa6Z48Ff9FyOjo
Malware Config
Extracted
xworm
5.0
modern-educators.gl.at.ply.gg:23695
ihEh1iAwMvUgAf10
Install_directory: %AppData%
install_file: XClient.exe
Targets
Contains code to disable Windows Defender
A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.

Detect Xworm Payload

Drops startup file