7face24db4aa43220ebc4d3afb6c739307f8b653c686b829fb1cb6091695c113 | Triage

Sharing

General

Target

xworm.exe
Size

227KB
Sample

240820-s3ygpazeja
MD5

f25ef9e7998ae6d7db70c919b1d9636b
SHA1

572146d53d0d7b3c912bc6a24f458d67b77a53fe
SHA256

7face24db4aa43220ebc4d3afb6c739307f8b653c686b829fb1cb6091695c113
SHA512

d8682cdb5876f9ffe6aa8856d5ffa8c168afd25fc927781d80d129491fa04aabf045f01d13ffb51e3db9773367cc00fce466e1ef7af11bfc3d7af13df06cc17c
SSDEEP

6144:YdAfHWAy5hne6jlVg1jCYRCuAOm6Tw8ym:Yqf7y5he6DkQutw8ym

Score

8^/10

defense_evasion discovery

Malware Config

Targets

- Target
  
  xworm.exe
- Size
  
  227KB
- MD5
  
  f25ef9e7998ae6d7db70c919b1d9636b
- SHA1
  
  572146d53d0d7b3c912bc6a24f458d67b77a53fe
- SHA256
  
  7face24db4aa43220ebc4d3afb6c739307f8b653c686b829fb1cb6091695c113
- SHA512
  
  d8682cdb5876f9ffe6aa8856d5ffa8c168afd25fc927781d80d129491fa04aabf045f01d13ffb51e3db9773367cc00fce466e1ef7af11bfc3d7af13df06cc17c
- SSDEEP
  
  6144:YdAfHWAy5hne6jlVg1jCYRCuAOm6Tw8ym:Yqf7y5he6DkQutw8ym
Score

8^/10

defense_evasion discovery
- Blocklisted process makes network request
- Obfuscated Files or Information: Command Obfuscation
  Adversaries may obfuscate content during command execution to impede detection.
  defense_evasion
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Obfuscated Files or Information

Command Obfuscation

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasiondiscovery

behavioral2

defense_evasiondiscovery