General

  • Target

    CppMalware.exe

  • Size

    289KB

  • Sample

    240908-t38s4ayemh

  • MD5

    4a9b568bfb7762d641f077c4569aa223

  • SHA1

    2f1c1b8ad4202e96f43290926e72be839b5d66e5

  • SHA256

    9b39914b6ec9c2e7fe927d4f9f7605faba84884f2032c714fe435d830c615777

  • SHA512

    e431b3f73acce527e8471aca5b187ef71277a1bd197601423d0ddbbd6d894ac7b090d4e52bbb261e3f2f9c2d782436cc6b80e0272d6bbd4a306478689eb7b352

  • SSDEEP

    6144:BpxxsAu3scVMNSxr2VRIco4XgMOXQfTluX7I6ysB:lxsBcclr4RzXgrgr+I6JB

Malware Config

Extracted

Family

xworm

C2

super-nearest.gl.at.ply.gg:17835

Attributes
  • install_file

    USB.exe

Targets

    • Target

      CppMalware.exe

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15