General

  • Target

    c678a8f61ccd104336e195e5021a798e85472f50eb36c69663fe06a4e666d4d3N

  • Size

    86KB

  • Sample

    241031-jqbbysvrbp

  • MD5

    1a3dc739a65084d93c9a712ff05cc030

  • SHA1

    00c78706bb006a064b5aeadb3519b83b0e33fbdb

  • SHA256

    c678a8f61ccd104336e195e5021a798e85472f50eb36c69663fe06a4e666d4d3

  • SHA512

    2013594f81fce4539845a9deadf41fc624e96b787b2bdd0fd267f25fdd893661b5b1d44b7f888191a76bc4fc74f499b7cb139a195c18ab7f39cfb703db54a5a6

  • SSDEEP

    1536:qz0RohobJavYs7VV1RxApqg5nVJEQb5z/M1CAsVqN56S9tO7wNAx3ZC3Ki:gUoiqVD7AnPb5/p8NJtO7wNA15i

Score
10/10

Malware Config

Extracted

Family

xworm

C2

foreign-olympic.gl.at.ply.gg:21710

147.185.221.23:21710

Attributes

  • Install_directory

    %Userprofile%

  • install_file

    USB.exe

  • telegram

    https://api.telegram.org/bot7517837255:AAFFYwsM3RAJTfnCWwagMLHeBQRG-F4UScg/sendMessage?chat_id=7538845070

Targets

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

    • Xworm family

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
