General

  • Target

    831cc53b4c821673e9cb0565270028834cf03f59f8937a4ff5f795d7bfde4332_NeikiAnalytics.exe

  • Size

    51KB

  • Sample

    240622-gga9gszgqd

  • MD5

    7a3583c53b305c0d6a8e1c951ad65150

  • SHA1

    d3d5cd179ca6e93f71bef3e0df7b0e21b2807829

  • SHA256

    831cc53b4c821673e9cb0565270028834cf03f59f8937a4ff5f795d7bfde4332

  • SHA512

    4824de360fedc2e32298dd0b60cd2677e5484b16d7448b92d42a25a096cfe35afe2080f5fae61b21ce5b544e1798116217e4f9b0c0cae0b0d62a982408031ce2

  • SSDEEP

    768:JbFI45nk2ZTeqMzHuqoBMBolBcws9AhR/8JPIExUbPeJJt0Jn37i25cd80OBh2k2:ZFI45nsqMSqclCAfU+b2Dt0DaOBElF

Score
10/10

Malware Config

Extracted

Family

xworm

C2

45.153.230.56:9392

Attributes

  • Install_directory

    %Public%

  • install_file

    XClient.exe

Targets

    • Target

      831cc53b4c821673e9cb0565270028834cf03f59f8937a4ff5f795d7bfde4332_NeikiAnalytics.exe

    • Size

      51KB

    • MD5

      7a3583c53b305c0d6a8e1c951ad65150

    • SHA1

      d3d5cd179ca6e93f71bef3e0df7b0e21b2807829

    • SHA256

      831cc53b4c821673e9cb0565270028834cf03f59f8937a4ff5f795d7bfde4332

    • SHA512

      4824de360fedc2e32298dd0b60cd2677e5484b16d7448b92d42a25a096cfe35afe2080f5fae61b21ce5b544e1798116217e4f9b0c0cae0b0d62a982408031ce2

    • SSDEEP

      768:JbFI45nk2ZTeqMzHuqoBMBolBcws9AhR/8JPIExUbPeJJt0Jn37i25cd80OBh2k2:ZFI45nsqMSqclCAfU+b2Dt0DaOBElF

    Score
    10/10

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

    • Drops startup file

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks