General

  • Target

    ffe9b9de145969a32320dbbfa6dd5fe6.bin

  • Size

    166KB

  • Sample

    240621-edqhws1gmk

  • MD5

    d322345396967c661086087d1578e621

  • SHA1

    2ae6fed95aa61350867b6da1f38a50513b55f899

  • SHA256

    d4bbab55c9a16739abf7b2b722788c3386a5a6fdc2cc017d8a86629b92c55210

  • SHA512

    134398d89fbce6c9e8da07d0cc718e257650799af9021f50b2f4e9ab5cad9f73206c9dce8bab80a23f8ea8e9485761c94caabed407c987f0722b5b3174ccf5cd

  • SSDEEP

    3072:GgAGLp/bE47Q1Cf1KViQpIDe+UfhOBFv6KSTveNXImbw6QjuhQ:Ggp17Q1CdKVifeVf4f6PveKmk9uhQ

Score
10/10

Malware Config

Extracted

Family

xworm

Version

5.0

C2

193.161.193.99:22849

Mutex

59cumZBR6kSrFlEg

Attributes
  • install_file

    USB.exe

aes.plain

Targets

    • Target

      6513f2777a217402f9fa6196dacc31c948dfdde0680ccba57879b1c8d2cd11f8.vbe

    • Size

      274KB

    • MD5

      ffe9b9de145969a32320dbbfa6dd5fe6

    • SHA1

      845f94bea47738145737b413992ef141af93e69c

    • SHA256

      6513f2777a217402f9fa6196dacc31c948dfdde0680ccba57879b1c8d2cd11f8

    • SHA512

      be162b21b798c681ab7146210d5f2cb742bd9a49aff6778ea9614decf6688f511b172ee8e632c19cc01092b3f9233655b08829652cf8c93bd07e1b2d9ac28e88

    • SSDEEP

      6144:/2AuQvH6zYFyqnL+ct+7og/6zyGfcbygrvjAw6LVWPLaFUy:/Mc+7OzUbyobTWeu

    Score
    10/10
    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks