General

  • Target

    63Rl7D

  • Size

    512B

  • Sample

    241019-vdwmxawfpc

  • MD5

    09488fe5978b285f6eb427385a60330a

  • SHA1

    a4c33163c12571070bef54151cbd53a821d2d59f

  • SHA256

    ef41d4fb862241ccaf6d02e35157e391436c69b0d33230120227c46414f4764f

  • SHA512

    f2ead5778353df33ddaeaff947f766afe3ca943228dc66e367397b1c3d399c14b3591b26c1ca346f1492ff9a622244aa6b67f68a0b93b516d7691d79f4615944

Malware Config

Extracted

Family

xworm

C2

longer-respect.gl.at.ply.gg:12320

Attributes

  • Install_directory

    %AppData%

  • install_file

    WindowsUpdate.exe

Targets

    • Detect Xworm Payload

    • HawkEye

      HawkEye is a malware kit that has seen continuous development since at least 2013.

    • Xworm

      Xworm is a remote access trojan written in C#.

    • Downloads MZ/PE file

    • Drops startup file

    • Executes dropped EXE

MITRE ATT&CK Enterprise v15