General

  • Target

    90b363f21821b35934eced9bd7ce2963.bin

  • Size

    70KB

  • Sample

    240825-b3k3xs1gja

  • MD5

    e8f9ec04ce371a05653806365e7170d0

  • SHA1

    0b3f97a5eb30cb97ce2aefd5b3c8eea9ce12de84

  • SHA256

    91ed4f07c3e5b2e0c7b5f00f003debc9adafe2cc5127fad969f4a309c85f0d8d

  • SHA512

    9cce16334fc0cf0fb1776598b9eb16b0e26a9f740e43c5e32d6a48252ed755356f6dd5b2d0312cee78424dd2c3069fb0c67106f3149757002b4b3b51171d590d

  • SSDEEP

    1536:ze2rmn1OAKzhp0odciZo/kOXQ/RSWrOak55kftnEPSq:i2S1OAK9p0oSjkRR9E5WKSq

Malware Config

Extracted

Family

xworm

C2

84.38.132.25:7771

Attributes

  • Install_directory

    %AppData%

  • install_file

    ChromeHandler.exe

Targets

    • Target

      341d213ffb340627b485a9d3b23d21464e95fc2bb437441559bf9173ce942640.exe

    • Size

      182KB

    • MD5

      90b363f21821b35934eced9bd7ce2963

    • SHA1

      55f5f5b97145f5dd5b420c4294e34a1187e0851d

    • SHA256

      341d213ffb340627b485a9d3b23d21464e95fc2bb437441559bf9173ce942640

    • SHA512

      6ec69a5120469c446c834850b9eaf0c3210aa4bbe6a378cbd04b864902104ceb1744ca86be8843a2fd9d4f433916a89dd9e84fa84f95bfe3a24b28e384bedc34

    • SSDEEP

      3072:XVaZlZe/bV0eLdro+bhr/n5fKOAVkl4NpVq8BxFRzaqF+o2GQJ7/JzqVfGvy:ueddlbhnNlgVqwlL

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops startup file

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks