Overview

overview

10

Static

static

3

Wave.JohnP...ed.rar

windows10-1703-x64

8

CefSharp.C...me.dll

windows10-1703-x64

1

WaveWindow...ed.exe

windows10-1703-x64

10

bin/Background.mp4

windows10-1703-x64

6

bin/lz4.dll

windows10-1703-x64

1

bin/wolfssl.dll

windows10-1703-x64

1

bin/xxhash.dll

windows10-1703-x64

1

bin/zlib1.dll

windows10-1703-x64

1

bin/zstd.dll

windows10-1703-x64

1

cracked by...lx.txt

windows10-1703-x64

1

d3dcompiler_47.dll

windows10-1703-x64

1

Resubmissions

26-11-2024 17:54

241126-whcw2aylbr 10

29-06-2024 04:49

240629-ff5aha1eke 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Wave.JohnPrlx.cracked.rar

  • Size

    10.3MB

  • Sample

    240629-ff5aha1eke

  • MD5

    a502e43649c31bd6007912d68b37cad1

  • SHA1

    9076425d466c78f4cf458ab9913fb0880fecf7d0

  • SHA256

    6d5ff2230c713e9372d23989c3ea247d814ffc6f19380be86f7bccf3c0b6ff91

  • SHA512

    cebdaf98e4406fcb95c3086c976c16313230c2630c610d542c61e1c8a655c28a4a6555d9c40a8faed760827d24613acc624547390d66e59f1a77ef7e45ff7ca0

  • SSDEEP

    196608:3xLL5xzen4Pdl4KmMJpgkGTSLv+gaiPBgy/fxKKXWK22Ddd:hPKn4PYhT4ai/xPGQdd

Score
10/10
xwormexecutionpersistencerattrojan

Malware Config

Extracted

Family

xworm

C2

stewiegriffin-37537.portmap.host:37537

Attributes
  • Install_directory

    %AppData%

  • install_file

    USB.exe

Targets

    • Target

      Wave.JohnPrlx.cracked.rar

    • Size

      10.3MB

    • MD5

      a502e43649c31bd6007912d68b37cad1

    • SHA1

      9076425d466c78f4cf458ab9913fb0880fecf7d0

    • SHA256

      6d5ff2230c713e9372d23989c3ea247d814ffc6f19380be86f7bccf3c0b6ff91

    • SHA512

      cebdaf98e4406fcb95c3086c976c16313230c2630c610d542c61e1c8a655c28a4a6555d9c40a8faed760827d24613acc624547390d66e59f1a77ef7e45ff7ca0

    • SSDEEP

      196608:3xLL5xzen4Pdl4KmMJpgkGTSLv+gaiPBgy/fxKKXWK22Ddd:hPKn4PYhT4ai/xPGQdd

    Score
    8/10

    • Downloads MZ/PE file

    • Executes dropped EXE

    behavioral1

    • Target

      CefSharp.Core.Runtime.dll

    • Size

      16KB

    • MD5

      13f2351b1335d78b0f8eab3bd7faf227

    • SHA1

      474cb498fbcbfed3a76a88f79d0cb8d8bc648749

    • SHA256

      91334c0362d8b3bdfcf64f9a894fdcb74640e92331d25f7d21a078e9a5889a6b

    • SHA512

      4ed51899be712cc4b1da79bd0854e855c77d52d8291e30e480a8c11590d2c66968f191e6cb3d5237df78fd2f6bde9a7fbd13a1ce2d6a556fb80c643ddd25bd9c

    • SSDEEP

      384:B4S4S4S4S4S4S4S4S4S4S4S4S4S4S4S4S4S4S4S4S4S4S4S4S4S4S4S4S4S4S4SB:B4S4S4S4S4S4S4S4S4S4S4S4S4S4S4SB

    Score
    1/10
    behavioral2

    • Target

      WaveWindowsCracked.exe

    • Size

      7.6MB

    • MD5

      1aec1baab610e71d2dd83ddb08d9c49a

    • SHA1

      47789c92be6ce830faa926acb1969086d410e4d4

    • SHA256

      e2bfe1a9a590aab1f7572309b45c0cf88558f9c3463acb550d30e24f47132d1c

    • SHA512

      2435a57bd91dae06c62ca1d209091f3ce4f3de9012eb80b901e89a62e60b28d45e5c94d018c5af5a831b3ff8d28e4bfc6e0c487125be14926a62b970e459690a

    • SSDEEP

      196608:IUhZUvqevevx2QtiFX2PTiiXIeMeZ4SZCqL1:BhOvaZ+X2PG6Iep6SZCy

    Score
    10/10
    xwormexecutionpersistencerattrojan

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

      trojanratxworm

    • Command and Scripting Interpreter: PowerShell

      Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

      execution

    • Drops startup file

    • Executes dropped EXE

    • Adds Run key to start application

      persistence

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    behavioral3

    • Target

      bin/Background.mp4

    • Size

      4.6MB

    • MD5

      9782180eb68f73030fe24ef6a1735932

    • SHA1

      589827fe098ba048c9f871a28db8eae3e3537ff4

    • SHA256

      3a1cbb800f8f25c2ab703ba8bfdb01e938e4143c3bc0fea8ca734fb5ba779ba7

    • SHA512

      dc768638bae2d6d47d8910252ae64a656d8a6fd88efdf24165ddce51b7afdb4acb3fddd41dfe788737a2cab4fab66174db2f0d2f48bc8669af76d1656bca8be1

    • SSDEEP

      98304:xs/6Ldccul3Wn48btjNEkPSFTaIwJ0Mt6KNY:xs/Gul3EvEmFItMkb

    Score
    6/10

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    behavioral4

    • Target

      bin/lz4.dll

    • Size

      117KB

    • MD5

      b93f8dd94878d2ec820cc9c59d4aa88d

    • SHA1

      2b0a8d091129ff9945b55eec08f45cd407658531

    • SHA256

      cf3911f90d87e5ec99b6a372e947019ff4186b2b18fdfe1b2b8cfb30f66428fc

    • SHA512

      b9548ee5d66c35d5ad05878357108e1ae4f7cea31ebb66eda6aa70a77e0baf7fe119f7eba54c26ad2c901f2a5540dfe0446a408dace4d7a6ed35fead03178cd9

    • SSDEEP

      3072:k00000000000000000000000000000000000000000000000000000000X:+

    Score
    1/10
    behavioral5

    • Target

      bin/wolfssl.dll

    • Size

      1.6MB

    • MD5

      a5ed5188775d20f70555ff9177e1a913

    • SHA1

      e2d400676e1c67d4918c3455dae6dbca16fdc203

    • SHA256

      7a410bd6a39a65b6408773db9831b85ab3e09cf153c2091d1ea5d6d0750fe246

    • SHA512

      b184beab7cefe060d703dc1d9bb46fec46d8aa058efbb52d23502c42c940f3e860ed41ddb25896b7969cf735a1e181cd2d69291a6cecf03943da514214d87365

    • SSDEEP

      3072:/HHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHP:n

    Score
    1/10
    behavioral6

    • Target

      bin/xxhash.dll

    • Size

      205KB

    • MD5

      098aabd73a4778db8c5ce4a7fe965111

    • SHA1

      f015f129621f1da8eff192d3a4b8042937b2660d

    • SHA256

      c0111d493bd78b6ad35562d20c3e148827b2f7ca9a77879f719bd66895b1b2a4

    • SHA512

      18704392a818fe707806a635fe8dcf33cc655fb29fe3aa71b5803631637e5bc24d6b1fcc3f28f6a70321393918e266a93be325f7af9c875da4c99578846a09cc

    • SSDEEP

      3072:Yllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllw:3

    Score
    1/10
    behavioral7

    • Target

      bin/zlib1.dll

    • Size

      3.3MB

    • MD5

      3ade0c26d0f3d201c198dc288c8fb8b6

    • SHA1

      5ce87bfea3001ef65e25fee41b2c815acc6ca48b

    • SHA256

      8ca248d69ddbcb0e167f174b7c1b15e85f45fa929a8e6b5dae84c1edc65e5d48

    • SHA512

      24b232a5a3028fe5ac555eebc3b0a7b1075cec33d2805884a562978b77a866490530f7eb7c1ac44f1d534ca796dcfdfeb27e8d6d9c2c9e27d43afd9ae8224e9d

    • SSDEEP

      3072:fllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllP:f

    Score
    1/10
    behavioral8

    • Target

      bin/zstd.dll

    • Size

      1.5MB

    • MD5

      87e2881b682ba44d2d837f9e95883cc0

    • SHA1

      ea18791c5344d39236b40035ec38c884e4d1aa22

    • SHA256

      8605f4b677b2dcf65989841c13b519c24aabc75eede7f69978a8959d69cf839d

    • SHA512

      11b7b5c120e0069598d8fb2283bf522c6d65cc0f9c82fce35c5af36e9bdbf5918099b1b574e2799da9b179b54758ab19ed44332af02e8b5645525f93cf6a7f63

    • SSDEEP

      1536:Y99999999999999999999999999999999999999999999999999999999999999C:n

    Score
    1/10
    behavioral9

    • Target

      cracked by JohnPrlx.txt

    • Size

      22B

    • MD5

      d5ffaf0245ec720c09d0e37f832b33d7

    • SHA1

      dbff1dbcbaf7edc286e6bdf98ee52cc60e526ee9

    • SHA256

      594142beb0389cbfc0368d3e5b61cee8c4bdb9f458760421a909848f39ea7194

    • SHA512

      282393278060626d4c71fb22cb5cd08c34781c611cc07cd0d029ae32998c78d507300e2eee9e4e8bd88e3ef8038f524e910bfbd41811abd3ab97a0906e508047

    Score
    1/10
    behavioral10

    • Target

      d3dcompiler_47.dll

    • Size

      7KB

    • MD5

      ad9035cde61738f9822c6cf841ffdff4

    • SHA1

      ab4d0aea52cea032a325420d4408f3392d296537

    • SHA256

      8b38e765a1595201c2c0557bfc2d7fc34a2aedaa4f99a75018830364f544aa48

    • SHA512

      a4d14164463bce090e0d5638139ba2a658d46aa37e28c87962df1fc581ca9dc96442afb314aa8ed0d55445eb4ead0e058c7ed87d3d6f37f04e101e0215bf411b

    • SSDEEP

      12:SPaPaPaPaPaPaPaPaPaPaPaPaPaPaPaPaPaPaPaPaPaPaPaPaPaPaPaPaPaPaPah:SU

    Score
    1/10
    behavioral11

MITRE ATT&CK Enterprise v15

Tasks