General

  • Target

    c1d3f338c8c1113b31487a7c1a9aa2bc7656031f117a77eaf95b78859a6d2a52N

  • Size

    78KB

  • Sample

    241030-1ke7dssarl

  • MD5

    f6e8c50ec340112a5af6743fef26caf0

  • SHA1

    7f4b761c19a5c04b11f509d8d72cb4baed70851b

  • SHA256

    c1d3f338c8c1113b31487a7c1a9aa2bc7656031f117a77eaf95b78859a6d2a52

  • SHA512

    c9fb14e0e6e14480577aeb1f3126c7a127fc579fa9ea00fb65c11f0ea3a5d762416ec35b0e5da0aafa8916204c82397a9ba5893b55ed49a94605a7f4310ebfb8

  • SSDEEP

    1536:vPjnwJaf6LXBYopc52OzEaSv0FLE7bJDBTPMjxQ6Llpyi7nOpkmHpNO0:vPzwJaf6LXBZA2OzEOF4bJ1kjL5nOpku

Score
10/10

Malware Config

Extracted

Family

xworm

C2

foreign-olympic.gl.at.ply.gg:21710

147.185.221.23:21710

Attributes
  • Install_directory

    %Userprofile%

  • install_file

    USB.exe

  • telegram

    https://api.telegram.org/bot7517837255:AAFFYwsM3RAJTfnCWwagMLHeBQRG-F4UScg/sendMessage?chat_id=7538845070

Targets

    • Target

      c1d3f338c8c1113b31487a7c1a9aa2bc7656031f117a77eaf95b78859a6d2a52N

    • Size

      78KB

    • MD5

      f6e8c50ec340112a5af6743fef26caf0

    • SHA1

      7f4b761c19a5c04b11f509d8d72cb4baed70851b

    • SHA256

      c1d3f338c8c1113b31487a7c1a9aa2bc7656031f117a77eaf95b78859a6d2a52

    • SHA512

      c9fb14e0e6e14480577aeb1f3126c7a127fc579fa9ea00fb65c11f0ea3a5d762416ec35b0e5da0aafa8916204c82397a9ba5893b55ed49a94605a7f4310ebfb8

    • SSDEEP

      1536:vPjnwJaf6LXBYopc52OzEaSv0FLE7bJDBTPMjxQ6Llpyi7nOpkmHpNO0:vPzwJaf6LXBZA2OzEOF4bJ1kjL5nOpku

    Score
    10/10
    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

    • Xworm family

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Matrix

Tasks