General

  • Target

    35e4785db7e1874206587b22d8f3e09ae965b1cbeab7699f2dab10e3f7fbb1fc_NeikiAnalytics.exe

  • Size

    773KB

  • Sample

    240621-dyl6jaxcjc

  • MD5

    7b8f27c6590b1e5714b60254f6f46860

  • SHA1

    7b1571e1d8b1eb57f86e1516039be20576e36b6d

  • SHA256

    35e4785db7e1874206587b22d8f3e09ae965b1cbeab7699f2dab10e3f7fbb1fc

  • SHA512

    4717f274dfe81144208f77f19f6678091775258bd25e4754253811bcf14138b1a863a1f2565a37faa129d4059776fff30e868430e8b3c8740c1715c15ea852d3

  • SSDEEP

    12288:kV6Dq6mhsKRmgVC3LVO6OFYZUArACiu4m2DVdAA:k6KIgeVOj0NrAHZfA

Score
10/10

Malware Config

Extracted

Family

xworm

C2

192.168.190.151:7000

Attributes
  • Install_directory

    %AppData%

  • install_file

    XClient.exe

Targets

    • Target

      35e4785db7e1874206587b22d8f3e09ae965b1cbeab7699f2dab10e3f7fbb1fc_NeikiAnalytics.exe

    • Size

      773KB

    • MD5

      7b8f27c6590b1e5714b60254f6f46860

    • SHA1

      7b1571e1d8b1eb57f86e1516039be20576e36b6d

    • SHA256

      35e4785db7e1874206587b22d8f3e09ae965b1cbeab7699f2dab10e3f7fbb1fc

    • SHA512

      4717f274dfe81144208f77f19f6678091775258bd25e4754253811bcf14138b1a863a1f2565a37faa129d4059776fff30e868430e8b3c8740c1715c15ea852d3

    • SSDEEP

      12288:kV6Dq6mhsKRmgVC3LVO6OFYZUArACiu4m2DVdAA:k6KIgeVOj0NrAHZfA

    Score
    10/10
    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely to geofence execution to or away from particular regions.

    • Drops startup file

    • Executes dropped EXE

MITRE ATT&CK Enterprise v15

Tasks