General

  • Target

    c67033946e483c2eaf5e7f741b7dac5cafed9069d794728ace3e2f9c18f24413

  • Size

    56KB

  • Sample

    240621-dxwnksxbqh

  • MD5

    dd6a22cf1c79fb970e3eb6aa6705f606

  • SHA1

    0214bfdaa0f9eacd1d4e4fec86db49867fe1e050

  • SHA256

    c67033946e483c2eaf5e7f741b7dac5cafed9069d794728ace3e2f9c18f24413

  • SHA512

    cbe3dd25873c27418f97527efb9a74608625a960f71d99fb804a3cb7de4cda755c0bc32f9d96285b5967b888159f1a67d849d45da0d1c15b1a9ebc78d8b56e18

  • SSDEEP

    1536:UiQpi0RAXhc+yg54WYcnkbR7K1QSCoHzO59FQ:WMDIknkbR7t9OO5LQ

Score
10/10

Malware Config

Extracted

Family

xworm

C2

having-turn.gl.at.ply.gg:18080

Attributes
  • Install_directory

    %AppData%

  • install_file

    windowsservice.exe

Targets

    Score
    10/10
    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

    • Detects Windows executables referencing non-Windows User-Agents

    • Drops startup file
