General

  • Target: momentomo.exe
  • Size: 6.5MB
  • Sample: 240708-dz1ejszgll
  • MD5: be3b004700a8a0ca27d0d65841f688b2
  • SHA1: df11006024fd315c945186026575bce7811d75e9
  • SHA256: f50c6f8988f58a6cae0b1a111136dc0de13cc9192a006a686227764f0e0dae0b
  • SHA512: 9101f80fdf1e0f28583d3c4dab7dc2270a842087b6ae1dcd32cd0c51828a860509e127c1677a61285149126baed9af69c53dde38769c28a42b419ca65c8f0392
  • SSDEEP: 98304:4C08DmW5o1hZlzb71QGQCPDbZfxz87le5BLoHLSLgj8NnJwFDDEy2nZsBJ1nCkKP:p0QmW5ofdQmRKuErSEEJwdFvZnCkK

Malware Config

Extracted

  • Family: xworm
  • Version: 3.1
  • C2: june9402xw.duckdns.org:9402
  • Mutex: TAtfGa9f0WCjVzn6
  • Attributes
    • install_file: USB.exe
    • aes.plain

Targets

    • Target: momentomo.exe

    Score: 10/10

    Signatures:
    • Detect Xworm Payload
    • Suspicious use of NtCreateUserProcessOtherParentProcess
    • Xworm (Xworm is a remote access trojan written in C#.)
    • Loads dropped DLL
