General

  • Target

    Windows Defender.exe

  • Size

    30KB

  • Sample

    241002-f5eq5syhpr

  • MD5

    56f2800f481b53f41d8660aa4360ee07

  • SHA1

    918be96734e92154a312314e551120c8222f9090

  • SHA256

    dcdbab06fc3b63e2a98ebc834205dc4d50f108051a473d002f9d5affe780e694

  • SHA512

    468e4188a0c18e69d8050d066efb9d049fa0cf78b9391aa5d33461611617ec7fdce170cb7c517df96906726c14ed1fb76beb3555bc5fcb20f9ad52246da7284c

  • SSDEEP

    384:N7wTA+5OfPgEBQqWvfcQLZe3sn0hYACSqReAw2uRugtFuBLTIOZw/WVnvn9IkVun:lrgECfLHnMYAoReJ2uBFE9RJLOqhMbx

Score
10/10

Malware Config

Extracted

Family

xworm

Version

3.1

C2

vehicle-wed.gl.at.ply.gg:2355

Mutex

irsMqnBPdMlT0tEE

Attributes
  • install_file

    USB.exe

aes.plain

Targets

    • Target

      Windows Defender.exe

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

    • Deletes itself
