General

  • Target

    52daba9c513289d60da360ee68378b1f6a5ab69e2c71f20d12932244657bb615_NeikiAnalytics.exe

  • Size

    35KB

  • Sample

    240621-j1dvtssdpg

  • MD5

    67fff50869ac59ac55c9ffe5947a0c00

  • SHA1

    c524b069cd7f7895b2f05ce546f40ad3545432a9

  • SHA256

    52daba9c513289d60da360ee68378b1f6a5ab69e2c71f20d12932244657bb615

  • SHA512

    657745a7f2b81683818b736b39d0fb0fc11ef225acae4f0e5141024bf264f21ad433b8eabaf35ec491094ccbc01029e11cba10e563d76287504e1d5a31b905b5

  • SSDEEP

    768:boHv9ouQGVJhiQfCYzZ4mVFy+9FOSOjhbOET:boHloqJhVa6Z48Ff9FOSOjL

Score
10/10

Malware Config

Extracted

Family

xworm

Version

5.0

C2

modern-educators.gl.at.ply.gg:23695

Mutex

htRxFDZliLkTfuIt

Attributes
  • Install_directory

    %AppData%

  • install_file

    XClient.exe

aes.plain

Targets

    • Target

      52daba9c513289d60da360ee68378b1f6a5ab69e2c71f20d12932244657bb615_NeikiAnalytics.exe

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

    • Drops startup file

MITRE ATT&CK Enterprise v15

Tasks