General
Target: ШЕДЕВРОxworm.exe
Size: 32.6MB
Sample: 240625-2km3nszgpj
MD5: 4157903a7aa47f72f4cb1461ff129877
SHA1: 9b3f1a785caf00f27bd6051ee38fe1c8f09ef4d6
SHA256: bed864cabab1670f24a99a1313f207d8fe4015195d6f23c2f91d248f166d8210
SHA512: 79666d31573bc788d319dcf12202024222dff29a287c327665e60d6c3d72553286ae4e6f2792fce252d6ba1cfe71a6dba5f6aa6115de77c2842dde17629ee43e
SSDEEP: 786432:tCulDY4/fii021J2TmRbH87hoC3aU1s3yJxTsHpAjiE6LyOg5UFt:ca8oi6z6mN6o2WyJxIemO98t
Static task: static1
Malware Config
Extracted: xworm 5.0
127.0.0.1:28223
unknown-sunglasses.gl.at.ply.gg:28223
rVUJpGK3xHCE778M
Install_directory: %AppData%
install_file: svchost.exe
Targets
Target: ШЕДЕВРОxworm.exe
- Detect Umbral payload
- Detect Xworm Payload
- Command and Scripting Interpreter: PowerShell
  Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
- .NET Reactor protector
  Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.