General

  • Target

    fd9b10393c7611745944fad67bc452dc888e37a1ff8b9dafa398c140eb2755a0

  • Size

    32KB

  • Sample

    240622-fxbphstepk

  • MD5

    3bd3bf5064db9ffddde6cf30107bf46d

  • SHA1

    c91ef549d206ce8964d2dba13fc6c864c3bd0e16

  • SHA256

    fd9b10393c7611745944fad67bc452dc888e37a1ff8b9dafa398c140eb2755a0

  • SHA512

    c4191861956c902dbd0494a49ae1185a8b3bf10a1429e04c7384adaa728bff71bf57f557e6e96cd1e252cb8dd4aea0eabbd9e20b6d359a7f5b402d93ce373751

  • SSDEEP

    384:yYxRXcrP31VZBELRJnvJff3cdiwCYRJpkFTBLToOZwxJd2v99Ikuis3BVFxOjhsU:yPjgRFvJ3cdUYGF/9j8OjhsbQ

Score
10/10

Malware Config

Extracted

Family

xworm

Version

5.0

C2

https://pastebin.com/raw/06zP0GPQ:123456789

Mutex

t8m9lVwbqemVk3q3

Attributes
  • install_file

    USB.exe

  • pastebin_url

    https://pastebin.com/raw/06zP0GPQ

aes.plain
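The C2 field above is unusual: the host position holds a pastebin raw URL and the port position holds 123456789, which is outside the valid 1-65535 TCP port range. Together with the pastebin_url attribute and the "Legitimate hosting services abused" signature below, that indicates the static value is a dead-drop resolver and the implant fetches its real host:port from the paste at runtime, so the string cannot simply be blocked as an IP:port pair. The following Python is an added example, not part of this report or of any XWorm tooling, that normalizes the config values shown above into indicators and flags that case. The DEAD_DROP_HOSTS list and the classification rules are this example's own assumptions.

```python
"""Normalize an extracted XWorm config into checkable indicators.

Added example, not code from the sandbox report. The config dictionary
below is copied from the report's "Malware Config" values; the
dead-drop and port-range rules are this example's own assumptions.
"""
from urllib.parse import urlparse

# Values taken from the report's Malware Config section.
EXTRACTED_CONFIG = {
    "family": "xworm",
    "version": "5.0",
    "c2": "https://pastebin.com/raw/06zP0GPQ:123456789",
    "mutex": "t8m9lVwbqemVk3q3",
    "install_file": "USB.exe",
    "pastebin_url": "https://pastebin.com/raw/06zP0GPQ",
}

# Hosts whose raw-paste endpoints are commonly abused as dead-drop
# resolvers. Assumed list for this example; extend as needed.
DEAD_DROP_HOSTS = {"pastebin.com"}


def split_host_port(c2: str):
    """Split an XWorm-style 'host:port' string into (host, port).

    The host may itself contain colons (a URL with a scheme), so only the
    last colon is treated as the separator. port is an int, or None when
    the trailing field is absent or not numeric.
    """
    host, sep, port = c2.rpartition(":")
    if not sep or not port.isdigit():
        return c2, None
    return host, int(port)


def classify_c2(c2: str) -> dict:
    """Decide whether the static C2 value is directly usable as an indicator."""
    host, port = split_host_port(c2)
    port_valid = port is not None and 1 <= port <= 65535
    parsed = urlparse(host) if "://" in host else None
    dead_drop = parsed is not None and parsed.hostname in DEAD_DROP_HOSTS
    return {
        "host": host,
        "port": port,
        "port_valid": port_valid,
        "dead_drop_resolver": dead_drop,
        # A dead-drop URL as host (or a nonsensical port) means the real
        # endpoint is only known after the implant resolves it at runtime.
        "needs_runtime_resolution": dead_drop or not port_valid,
    }


def build_iocs(config: dict) -> dict:
    """Turn the raw config into indicators grouped by how they can be used."""
    c2 = classify_c2(config["c2"])
    urls = set()
    if c2["dead_drop_resolver"]:
        urls.add(c2["host"])
    if config.get("pastebin_url"):
        urls.add(config["pastebin_url"])
    return {
        "family": f'{config["family"]} {config["version"]}',
        "urls": sorted(urls),
        # Only emit a network C2 pair when the static value is actually one.
        "network_c2": [] if c2["needs_runtime_resolution"]
        else [f'{c2["host"]}:{c2["port"]}'],
        "mutex": config["mutex"],
        "file_names": [config["install_file"]],
        "c2_analysis": c2,
    }


if __name__ == "__main__":
    import json
    print(json.dumps(build_iocs(EXTRACTED_CONFIG), indent=2))
```

For this sample the result lists the pastebin raw URL as a URL indicator and leaves network_c2 empty, because the paste content, not the config string, determines the live endpoint; the mutex and the USB.exe install name remain usable host-based indicators regardless.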

Targets

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v15

Tasks