stormkitty | 1836e05f25dddf9426969e13ab80d1dcdf8d7b496b1a05d98ebae9303c18b956 | Triage

Sharing

General

Target

XWorm V5.6.zip
Size

25.2MB
Sample

241012-zsh3ksvfrj
MD5

3df07d8344e5800f75f38fdade2aaec0
SHA1

133feffb7e48be2ce194324972d6e0424f2fd52f
SHA256

1836e05f25dddf9426969e13ab80d1dcdf8d7b496b1a05d98ebae9303c18b956
SHA512

38b91983dbc23e6bbb3443045aea54952f93da08ce68aa661583c9522c30a9e22a1c16bf99bfdc6a39a8a4bae353ef12ba978357ab8a3315fde2275bc4ff8579
SSDEEP

393216:Cv6y2gszSnnHTrQWQD59U/p+HZZPz+NJWRL4UPBu+89YWOcC16kh0upLTLrD9dO6:MwSnHTm59UhfJWRbPwYiC1euNrbO6

Score

10^/10

stormkitty xworm discovery

Malware Config

Targets

- Target
  
  XWorm V5.6.zip
- Size
  
  25.2MB
- MD5
  
  3df07d8344e5800f75f38fdade2aaec0
- SHA1
  
  133feffb7e48be2ce194324972d6e0424f2fd52f
- SHA256
  
  1836e05f25dddf9426969e13ab80d1dcdf8d7b496b1a05d98ebae9303c18b956
- SHA512
  
  38b91983dbc23e6bbb3443045aea54952f93da08ce68aa661583c9522c30a9e22a1c16bf99bfdc6a39a8a4bae353ef12ba978357ab8a3315fde2275bc4ff8579
- SSDEEP
  
  393216:Cv6y2gszSnnHTrQWQD59U/p+HZZPz+NJWRL4UPBu+89YWOcC16kh0upLTLrD9dO6:MwSnHTm59UhfJWRbPwYiC1euNrbO6
Score

7^/10

discovery
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  XWorm V5.6/Xworm V5.6.exe
- Size
  
  14.9MB
- MD5
  
  56ccb739926a725e78a7acf9af52c4bb
- SHA1
  
  5b01b90137871c3c8f0d04f510c4d56b23932cbc
- SHA256
  
  90f58865f265722ab007abb25074b3fc4916e927402552c6be17ef9afac96405
- SHA512
  
  2fee662bc4a1a36ce7328b23f991fa4a383b628839e403d6eb6a9533084b17699a6c939509867a86e803aafef2f9def98fa9305b576dad754aa7f599920c19a1
- SSDEEP
  
  196608:P4/BAe1d4ihvy85JhhYc3BSL1kehn4inje:PuyIhhkRka4i
Score

1^/10
behavioral3 behavioral4
- Target
  
  XWorm V5.6/XwormLoader.exe
- Size
  
  576KB
- MD5
  
  f1a4c690564f491ad4f7fc8ce79e2fc3
- SHA1
  
  cc16274baae2af0c614566d56b693774fe892168
- SHA256
  
  0a3555b2ab1f76066c496eb43ebc520c82824a22cfcb714a75c5edc1ad99d88a
- SHA512
  
  f7a1116b889493c079000847f5517e9149d5dce703b85b1520ad1d4810c575500aab47460a6e0d7e266fa5ef70ba10d4b625587725251734404913844897e180
- SSDEEP
  
  12288:bwl4OwitTdBZpKfSTUNe/RhCEIX7RIiZmWJyGpfxd8KR0F7Br1dfPDWUw+b5/xgo:bwDdtTdBZISTACRhCE+Gi1yG
Score

7^/10

discovery
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral5 behavioral6

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

stormkittyxworm

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6