Overview

overview

10

Static

static

1

e39efc1e1e...5f.exe

windows7-x64

3

e39efc1e1e...5f.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2d4b8e6604de91c320ecb3a9d24b208067efc9db1382b97e511440b91177d9ed

  • Size

    10KB

  • Sample

    240822-khjh2axcqh

  • MD5

    9f2ba42f310bd71c11437bac1ce1ee9a

  • SHA1

    8006d3e991347b415c51d3454a97dc4c7274df0a

  • SHA256

    2d4b8e6604de91c320ecb3a9d24b208067efc9db1382b97e511440b91177d9ed

  • SHA512

    def681efece7142b567946f55cf9122e3806a2f16b71cb3f2276fec069d53d4a31ec47e801cd4bc692ac35bc8f55259903141969a8786a2748785a0848ec82de

  • SSDEEP

    192:WPgfdT93qthvdqkHTeNFlpsMb4jJ6+fEvphV8HDbmtz47NKY3Ts2ZVShCs8wh:4gN4PMK6WEvpv83mtEp7VY

Score
10/10
stormkittyxwormcredential_accessdiscoverypersistenceratspywarestealertrojan

Malware Config

Extracted

Family

xworm

Version

5.0

C2

192.3.101.172:7000

Mutex

NaDGFqrxW3KfaOw9

Attributes
  • install_file

    USB.exe

aes.plain

Targets

    • Target

      e39efc1e1e00404b9ddc7659941af58f417a6383baf12b5878b1da36e46ae55f.exe

    • Size

      16KB

    • MD5

      10a826203139ab5be148ca3ff88b8acc

    • SHA1

      1be8e646f6966b9ff6658a5ed52c0953f11157a6

    • SHA256

      e39efc1e1e00404b9ddc7659941af58f417a6383baf12b5878b1da36e46ae55f

    • SHA512

      1a65232447d851a2380edb1533d8137a0b3a2236ab757b8473ec11e393604a77db3b64764c6f2c2d3fbc11c1ab7c32a8a1ec493e2b4a509af8adcce1be3b552e

    • SSDEEP

      384:W1JeqToh3OscVnLTCAM+o/8E9VF0NyPS3E:W16dOsclLTCAMxkEd0E

    Score
    10/10
    discoverystormkittyxwormcredential_accesspersistenceratspywarestealertrojan

    • Detect Xworm Payload

    • StormKitty

      StormKitty is an open source info stealer written in C#.

      stealerstormkitty

    • StormKitty payload

    • Xworm

      Xworm is a remote access trojan written in C#.

      trojanratxworm

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious Access or copy of Web Browser Credential store.

      credential_accessstealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks