General

  • Target: dsdsssss.exe
  • Size: 188KB
  • Sample: 241029-zj4mxszbme
  • MD5: c377741b2f645306ca78ac483f39c46b
  • SHA1: fb23442e15c2d13906060eef2307d8627cf5fef3
  • SHA256: f9975d77f8f179038fae4b3270519386b564b239ba1a84d8c63143d34b08e2ed
  • SHA512: c358e38c01e5d881277c2309a1c984badbb2b5a1cecb3e41d1e8498d83e3e6ad4dd44bf703e51a8f10db4e184528362cf5060a3a80aa13f1e4875660956c0d26
  • SSDEEP: 3072:ECQRBbNkXyGeBbtk1pAD5OCdqOcriBpYuAM:ECcSidbtBPdh3x

Score
10/10

Malware Config

Extracted

Family

xworm

Attributes

  • Install_directory: %LocalAppData%
  • install_file: USB.exe
  • pastebin_url: https://pastebin.com/raw/H3wFXmEi

Targets

    • Target: dsdsssss.exe
    • Size: 188KB
    • MD5: c377741b2f645306ca78ac483f39c46b
    • SHA1: fb23442e15c2d13906060eef2307d8627cf5fef3
    • SHA256: f9975d77f8f179038fae4b3270519386b564b239ba1a84d8c63143d34b08e2ed
    • SHA512: c358e38c01e5d881277c2309a1c984badbb2b5a1cecb3e41d1e8498d83e3e6ad4dd44bf703e51a8f10db4e184528362cf5060a3a80aa13f1e4875660956c0d26
    • SSDEEP: 3072:ECQRBbNkXyGeBbtk1pAD5OCdqOcriBpYuAM:ECcSidbtBPdh3x

    Score
    10/10

    • Detect Xworm Payload
    • Xworm: Xworm is a remote access trojan written in C#.
    • Xworm family
    • Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Matrix

Tasks