General

  • Target

    XClient.exe

  • Size

    32KB

  • Sample

    240621-qmrm4avglq

  • MD5

    90c64fbad40789943468ede588133bf8

  • SHA1

    98da6d7e84ff18fd0bc760dc3ecb498fac384359

  • SHA256

    34b9641ff8a9253a24746b274a5f74507c6dc6df509b084bba2533eb90402e39

  • SHA512

    b7169fa6cf82b4ba9491dd8030896d71efb0ef739857fad511181be38ac5851098b03cbd3078366357f72ffe332de434493d40f0729bc0be8bd95b12f1fd96e4

  • SSDEEP

    384:CEbmX5Qa+vN1h1+X3v6JFjL+g93Tm2eaFOL1dRApkFTBLTsOZwpGd2v99IkuisQ1:bVa+vNtg+PB93Tw4e1dVFE9jdOjhIbL

Score
10/10

Malware Config

Extracted

Family

xworm

Version

5.0

C2

147.185.221.20:33360

Mutex

gUo0hNRMyeGZy0ng

Attributes
  • install_file

    USB.exe

aes.plain

Targets

    • Target

      XClient.exe

    • Size

      32KB

    • MD5

      90c64fbad40789943468ede588133bf8

    • SHA1

      98da6d7e84ff18fd0bc760dc3ecb498fac384359

    • SHA256

      34b9641ff8a9253a24746b274a5f74507c6dc6df509b084bba2533eb90402e39

    • SHA512

      b7169fa6cf82b4ba9491dd8030896d71efb0ef739857fad511181be38ac5851098b03cbd3078366357f72ffe332de434493d40f0729bc0be8bd95b12f1fd96e4

    • SSDEEP

      384:CEbmX5Qa+vN1h1+X3v6JFjL+g93Tm2eaFOL1dRApkFTBLTsOZwpGd2v99IkuisQ1:bVa+vNtg+PB93Tw4e1dVFE9jdOjhIbL

    Score
    10/10
    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

    • Loads dropped DLL

MITRE ATT&CK Matrix

Tasks