Resubmissions

  • 19-07-2024 10:45    240719-mtr1nazhkh    10

  • 19-07-2024 10:44    240719-mssksszgpf    10

  • 19-07-2024 10:31    240719-mks7cswfln    10

General

  • Target

    msedge.exe

  • Size

    204KB

  • Sample

    240719-mssksszgpf

  • MD5

    4738e3496a3efe5f19c57b764eb5ba9b

  • SHA1

    da9163944b1f51438b2602cbc95660af43172065

  • SHA256

    cb51764f19e66bb6accd7f0418332bac7759073ed245f0633dddd53f68e81933

  • SHA512

    4cb3029e136471edf2ebb46d1e4fc3a70e5138a5bd4b3fb182b6746d00c69fd5cf8822c0c90c2bcb4d8276db0cecac16ea0198e18a44e755a340495b19cc2238

  • SSDEEP

    3072:LE9ZJhOb+68dbzP/b0GO1ItilKSRUGKXs+S++7KFSbxeY+qDDrMI:1q68dbD/b0mtilKDGqStKEbxI

Malware Config

Extracted

Family

xworm

C2

45.84.199.152:7000

Attributes
  • Install_directory

    %Public%

  • install_file

    Msedge.exe

Targets

    • Target

      msedge.exe

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes so the dropped payload is not scanned.

    • Drops startup file

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
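The following is an added hunting example, not part of the sandbox report or of the xworm family's own code. It turns three of the findings above into checks a responder can run over endpoint and network logs: Defender exclusions added from PowerShell (script block text such as event 4104), an msedge.exe running from outside Edge's real install directory (the config says the sample installs itself as Msedge.exe under %Public%), and flows to the extracted C2 endpoint 45.84.199.152:7000. The C2 endpoint, install name and install location come from the report; the log line formats, field names, sample entries and the "legitimate Edge directories" allow-list are constructed assumptions.

```python
"""Hunt for the behaviours this report lists on endpoint and network logs.

Added example, not part of the sandbox report. The C2 endpoint, install
location and file name come from the report's extracted config; the log
lines below are constructed for illustration, and the log formats, field
names and the Edge install-directory allow-list are assumptions.
"""
import re
from typing import Iterable

# Indicators from the extracted xworm config.
C2_HOST, C2_PORT = "45.84.199.152", 7000
INSTALL_FILE = "msedge.exe"  # report: install_file = Msedge.exe (NTFS is case-insensitive)

# Assumption: where a genuine Edge binary lives. The sample copies itself to
# %Public%, a directory that never holds a legitimate msedge.exe.
_LEGIT_EDGE_DIRS = (
    r"\program files\microsoft\edge\application\\",
    r"\program files (x86)\microsoft\edge\application\\",
)

# PowerShell that adds a Defender exclusion (Add-/Set-MpPreference with any
# -Exclusion* parameter). Read-only calls such as Get-MpPreference do not match.
_EXCLUSION_RE = re.compile(
    r"\b(?:Add|Set)-MpPreference\b[^\r\n]*?-Exclusion(?:Path|Extension|Process)\b",
    re.IGNORECASE,
)

# Assumed flow-record format: "src=IP:PORT dst=IP:PORT proto=..."
_FLOW_RE = re.compile(r"\bdst=(?P<ip>\d{1,3}(?:\.\d{1,3}){3}):(?P<port>\d+)\b")


def defender_exclusion_hits(script_blocks: Iterable[str]) -> list[str]:
    """Return every script block that adds a Defender exclusion."""
    return [b for b in script_blocks if _EXCLUSION_RE.search(b)]


def is_masqueraded_edge(image_path: str) -> bool:
    """True when a process named msedge.exe runs outside Edge's install directories."""
    p = image_path.lower().replace("/", "\\")
    if not p.endswith("\\" + INSTALL_FILE):
        return False
    return not any(d.rstrip("\\") + "\\" in p for d in _LEGIT_EDGE_DIRS)


def c2_flow_hits(flow_lines: Iterable[str]) -> list[str]:
    """Return flow records whose destination is the report's C2 endpoint."""
    hits = []
    for line in flow_lines:
        m = _FLOW_RE.search(line)
        if m and m.group("ip") == C2_HOST and int(m.group("port")) == C2_PORT:
            hits.append(line)
    return hits


# Constructed sample data (not taken from the report).
SAMPLE_SCRIPT_BLOCKS = [
    'Add-MpPreference -ExclusionPath "C:\\Users\\Public"',
    "Add-MpPreference -ExclusionProcess 'Msedge.exe'",
    "Get-MpPreference | Select-Object ExclusionPath",  # benign read
    "Set-MpPreference -ExclusionExtension exe",
]
SAMPLE_PROCESSES = [
    r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe",
    r"C:\Users\Public\Msedge.exe",
    r"C:\Windows\System32\svchost.exe",
]
SAMPLE_FLOWS = [
    "src=10.0.0.15:49812 dst=45.84.199.152:7000 proto=tcp",
    "src=10.0.0.15:49813 dst=45.84.199.152:443 proto=tcp",
    "src=10.0.0.15:49814 dst=142.250.74.78:443 proto=tcp",
]


def run_hunt() -> dict:
    """Apply all three checks to the sample data and return the findings."""
    return {
        "defender_exclusions": defender_exclusion_hits(SAMPLE_SCRIPT_BLOCKS),
        "masqueraded_edge": [p for p in SAMPLE_PROCESSES if is_masqueraded_edge(p)],
        "c2_flows": c2_flow_hits(SAMPLE_FLOWS),
    }


if __name__ == "__main__":
    for name, findings in run_hunt().items():
        print(name, findings)
```

On a real estate, feed `defender_exclusion_hits` the ScriptBlockText of Microsoft-Windows-PowerShell/Operational events, `is_masqueraded_edge` the Image field of process-creation events, and `c2_flow_hits` firewall or NetFlow exports; the port check matters because the same host could serve unrelated traffic on other ports.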

MITRE ATT&CK Enterprise v15

Tasks