General

  • Target

    UNDERLIKE.exe

  • Size

    33KB

  • Sample

    240621-mnm5hszfkl

  • MD5

    50a3ed4e4c7df557e22d69f64a604568

  • SHA1

    db01bb203c1320e511b60a9df0375f8bc9d4dcb9

  • SHA256

    1162aba23cfc1a32f719b7a3c517af6a1c24715c547add236a78dfd482541db7

  • SHA512

    e935fb44bd8a1af1eec10b9ae263ca8d7b6144b94b4a389ece82eb99ee7e887a0eb385ee16b4f69ba175ba8eecd497669432bdaf0c8028deae85605ce9a62ed9

  • SSDEEP

    384:eWrVqCDweO/a5KxxL4YQDc2ETU8XYYR+gtFqBLTiZw/WNnvK9IkVubCxOjhO/3vV:7Kf4NGxYYZF29RtOjhO/3vo99dS

Score
10/10

Malware Config

Extracted

Family

xworm

Version

3.0

C2

et-hansen.gl.at.ply.gg:33635

Mutex

iGPZWxE8sAn1FGpi

Attributes
  • Install_directory

    %AppData%

aes.plain

Targets

    • Target

      UNDERLIKE.exe

    Score
    10/10
    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

    • Drops startup file
