General

  • Target

    3beedf521d4191f67b99f81c8aed2ac73b422ce7d147dbba2f842046874d030c

  • Size

    302KB

  • Sample

    241029-1w2jrszjhy

  • MD5

    55ad9fefaab3c3cc2020c5dbf692efae

  • SHA1

    e7a12a4da4466b1d5e438d5b52e1fe6db1a404b6

  • SHA256

    3beedf521d4191f67b99f81c8aed2ac73b422ce7d147dbba2f842046874d030c

  • SHA512

    14bbd1d25f97b6a50526bef7653864db30bf1c70e9138ccadc838107b7f4f6b442235058ba629b5ec62a9e2f2ba1cd44e583e8258c1352d6869eb67a59970195

  • SSDEEP

    3072:XHlbCn9TFAZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZ+ZZZZZZZZZZZZZZZZZZ2:Vbo+GIIIIIIIhIIIIIIIIIIIIIIIU

Score
10/10

Malware Config

Extracted

Family

xworm

C2

23.ip.gl.ply.gg:8806

Attributes
  • Install_directory

    %ProgramData%

  • install_file

    adX5dlient.exe

Targets

    • Target

      3beedf521d4191f67b99f81c8aed2ac73b422ce7d147dbba2f842046874d030c

    Score
    10/10
    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

    • Xworm family

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
