General

  • Target

    X Image logger beta V5.4.exe

  • Size

    281KB

  • Sample

    240621-lnhdlayemn

  • MD5

    5fd4f327e8ced0a5ddfe7e72f9019b62

  • SHA1

    36d86359b077c4ba121095f90e5143c3f712d218

  • SHA256

    2502ceb09d5122bf345526dec2d66ce207f0169078df86e77979dc1d4a34dbf9

  • SHA512

    70d9abcf58650a17164ba4afd14d6e5ec76971e1f9a534423c8693265a52aee6c35029f1bb950b93809af9fba6a8c6112a6e13fd3c4282ea8687313e468a0566

  • SSDEEP

    3072:K++eov7Fz9fbOjmoRahEe0SzSeXX+pow1X70+OFNXqF0RrssIHtGNXElGRP1K:Klz9XHhWBTWrsHH8FElg1

Malware Config

Extracted

  • Family

    xworm

  • Version

    5.0

  • C2

    modern-educators.gl.at.ply.gg:23695

  • Mutex

    U4MFtBeWYgMZLcT3

  • Attributes

    • Install_directory

      %Userprofile%

    • install_file

      USB.exe

  • aes.plain

Targets

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

    • Drops startup file

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
