Overview

overview

10

Static

static

10

0515dceafb...ff.exe

windows7-x64

10

0515dceafb...ff.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    0515dceafb2ac3a01d779111aabc07e0876b573b67df42af4e183243e7c506ff.exe

  • Size

    326KB

  • Sample

    241031-xtqgyatpfp

  • MD5

    71e459322fc143c6f54fa4075bbea27f

  • SHA1

    91926031ae3212e02ac61236d89fc5e7cdb82655

  • SHA256

    0515dceafb2ac3a01d779111aabc07e0876b573b67df42af4e183243e7c506ff

  • SHA512

    d9cc7475086ba0e9818a49a2cd45d93d6e310a1c22d0c274a409b4124de982b5722ae5627aab49c8b47ff81d5b352e456ca8e7ce18a3e07d225f491e74963b9d

  • SSDEEP

    3072:iL30wxqS8+kb5g8InQO6J2l4mJe7UmuLchHPHo4bqRH33qGCNxxO7:40Klmbc/l4miUdLchvo4OlnqR

Score
10/10
xwormpersistencerattrojan

Malware Config

Extracted

Family

xworm

C2

23.ip.gl.ply.gg:40630

127.0.0.1:40630
Attributes
  • Install_directory

    %AppData%

  • install_file

    svchost.exe

Targets

    • Target

      0515dceafb2ac3a01d779111aabc07e0876b573b67df42af4e183243e7c506ff.exe

    • Size

      326KB

    • MD5

      71e459322fc143c6f54fa4075bbea27f

    • SHA1

      91926031ae3212e02ac61236d89fc5e7cdb82655

    • SHA256

      0515dceafb2ac3a01d779111aabc07e0876b573b67df42af4e183243e7c506ff

    • SHA512

      d9cc7475086ba0e9818a49a2cd45d93d6e310a1c22d0c274a409b4124de982b5722ae5627aab49c8b47ff81d5b352e456ca8e7ce18a3e07d225f491e74963b9d

    • SSDEEP

      3072:iL30wxqS8+kb5g8InQO6J2l4mJe7UmuLchHPHo4bqRH33qGCNxxO7:40Klmbc/l4miUdLchvo4OlnqR

    Score
    10/10
    xwormpersistencerattrojan

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

      trojanratxworm

    • Xworm family

      xworm

    • Drops startup file

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks