Analysis
-
max time kernel
120s -
max time network
121s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
01/11/2024, 01:17
General
-
Target
fix.exe
-
Size
40KB
-
MD5
b959b8c3505c2e17d3d944ba48d285f8
-
SHA1
0155afd2d2a57d3070a900bbb405145977300b7c
-
SHA256
ea8cd343d704a76b3f3dc8ffacdcfefb56f2d7571a68b42381146d91a9bb5526
-
SHA512
4fdef5114503fd8be5cfd64e945994dcde399239f0c03873a6cd48b2e7a030b99fb755e23f6dfc185274eb4f6712dee0d1ffc68b11d148e701819ebf576d6c47
-
SSDEEP
768:OFrGIhUKXBeFQOnHAvrSH7tF5Pa9qB9Owh43/mXZ:OueBehHAv6xF49qB9Owu+XZ
Score
10/10
Malware Config
Extracted
Family
xworm
Version
5.0
C2
behind-h.gl.at.ply.gg:44133
Mutex
B9kO57FG9eew8BnL
Attributes
-
Install_directory
%AppData%
-
install_file
XClient.exe
aes.plain
Signatures
-
Detect Xworm Payload 1 IoCs
-
Xworm
Xworm is a remote access trojan written in C#.
-
Xworm family
-
Looks up external IP address via web service 1 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\fix.exe"C:\Users\Admin\AppData\Local\Temp\fix.exe"1⤵
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
4KB
-
Filesize
64KB
-
Filesize
9.9MB
-
Filesize
9.9MB