General

  • Target

    024d5a39a58cae8343c5ee34629868c6440ea7a3dce8a2f226c8161d5005d196.exe

  • Size

    35KB

  • Sample

    241101-cfpy2awalg

  • MD5

    1b76c0d5d1d6a5197d055223b134dcca

  • SHA1

    b8092605ecbb529a7372e42b7cbcda4b55e78ef1

  • SHA256

    024d5a39a58cae8343c5ee34629868c6440ea7a3dce8a2f226c8161d5005d196

  • SHA512

    27dad7330d431d48744d8aa348c6377deb51917a4f2ed6510ec6f9bbda55ea386ef3fd5e5039b921163d9d3c81f5423c6648062c0925d86cf05c63ca978805e3

  • SSDEEP

    384:vSBqVEqKykkTwusE+E33Rz3UXmbXLZoWR27vHsJQcXT/G58pkFyHBLTIZwgG+Vv1:EQDb3QIXDh7GVFy79evOjh2yED

Malware Config

Extracted

Family

xworm

Version

5.0

C2

didjmdk3nindi3nd.zapto.org:7000

70.241.39.14:7000

Mutex

Q6QXs3CM0drEuir0

Attributes
  • Install_directory

    %Userprofile%

  • install_file

    XC.exe

aes.plain

Extracted

Family

latentbot

C2

didjmdk3nindi3nd.zapto.org

Targets

    • Target

      024d5a39a58cae8343c5ee34629868c6440ea7a3dce8a2f226c8161d5005d196.exe

    • Size

      35KB

    • MD5

      1b76c0d5d1d6a5197d055223b134dcca

    • SHA1

      b8092605ecbb529a7372e42b7cbcda4b55e78ef1

    • SHA256

      024d5a39a58cae8343c5ee34629868c6440ea7a3dce8a2f226c8161d5005d196

    • SHA512

      27dad7330d431d48744d8aa348c6377deb51917a4f2ed6510ec6f9bbda55ea386ef3fd5e5039b921163d9d3c81f5423c6648062c0925d86cf05c63ca978805e3

    • SSDEEP

      384:vSBqVEqKykkTwusE+E33Rz3UXmbXLZoWR27vHsJQcXT/G58pkFyHBLTIZwgG+Vv1:EQDb3QIXDh7GVFy79evOjh2yED

    • Detect Xworm Payload

    • LatentBot

      Modular trojan written in Delphi that has been seen in the wild since 2013.

    • Latentbot family

    • Xworm

      Xworm is a remote access trojan written in C#.

    • Xworm family

    • Drops startup file

    • Adds Run key to start application
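The extracted config and the two persistence signatures above give enough to write a host-side check. The following Python script is an added example, not part of the sandbox report and not code from the XWorm or LatentBot families: it pins the report's C2 hosts and port, mutex, and %Userprofile%\XC.exe install path, then matches them against Sysmon-style key=value telemetry. The event lines are constructed for the example; the assumption that %Userprofile% expands to C:\Users\<name> on the victim host is the only thing not stated in the report, and a Run key pointing at any other executable (the OneDrive line) is deliberately left unmatched so the check stays specific to this config.

```python
"""Match the XWorm config extracted in this report against host telemetry.

Added example, not part of the sandbox report. The indicator values below are
copied from the report's "Malware Config" section; the event lines are
constructed Sysmon-style records, not output from the report's own task.
"""
import re

# Indicators from the report's extracted XWorm 5.0 config.
C2_HOSTS = {"didjmdk3nindi3nd.zapto.org", "70.241.39.14"}
C2_PORT = 7000
MUTEX = "Q6QXs3CM0drEuir0"
INSTALL_FILE = "XC.exe"

# Assumption: the report's %Userprofile% install directory expands on the host
# to the profile root, e.g. C:\Users\<name>\XC.exe (no subfolder).
INSTALL_PATH_RE = re.compile(
    r"^[a-z]:\\users\\[^\\]+\\" + re.escape(INSTALL_FILE) + r"$", re.I)
# Any value directly under HKCU/HKLM ...\CurrentVersion\Run or RunOnce.
RUN_KEY_RE = re.compile(
    r"\\software\\microsoft\\windows\\currentversion\\run(once)?\\[^\\]+$", re.I)
# key=value or key="value with spaces" tokens.
KV_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

# Constructed telemetry (not from the report): four true hits, one C2-unrelated
# connection, one benign Run key, and the sample's mutex.
SAMPLE_EVENTS = [
    r'type=RegistryValueSet target="HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\XC" details="C:\Users\bob\XC.exe"',
    r'type=FileCreate target="C:\Users\bob\XC.exe"',
    r'type=NetworkConnect dest="70.241.39.14" dport=7000',
    r'type=DnsQuery query="didjmdk3nindi3nd.zapto.org"',
    r'type=NetworkConnect dest="93.184.216.34" dport=443',
    r'type=RegistryValueSet target="HKLM\Software\Microsoft\Windows\CurrentVersion\Run\OneDrive" details="C:\Program Files\OneDrive\OneDrive.exe"',
    r'type=CreateMutex name="Q6QXs3CM0drEuir0"',
]


def parse_event(line):
    """Turn one key=value record into a dict (quoted values keep their spaces)."""
    return {key: quoted or bare for key, quoted, bare in KV_RE.findall(line)}


def classify(event):
    """Return the names of the report indicators this single event matches."""
    hits = []
    kind = event.get("type")
    if kind == "DnsQuery" and event.get("query", "").lower() in C2_HOSTS:
        hits.append("c2_dns")
    elif kind == "NetworkConnect":
        # Both the C2 host and the port 7000 from the config must agree.
        if event.get("dest", "").lower() in C2_HOSTS and event.get("dport") == str(C2_PORT):
            hits.append("c2_connect")
    elif kind == "CreateMutex" and event.get("name") == MUTEX:
        hits.append("mutex")
    elif kind == "FileCreate" and INSTALL_PATH_RE.match(event.get("target", "")):
        # "Drops startup file": the install_file written to %Userprofile%.
        hits.append("install_file")
    elif kind == "RegistryValueSet" and RUN_KEY_RE.search(event.get("target", "")):
        # "Adds Run key to start application": only fire when the value points
        # at this config's install path, not at any Run entry.
        if INSTALL_PATH_RE.match(event.get("details", "").strip('"')):
            hits.append("run_key_persistence")
    return hits


def scan(lines):
    """Scan raw event lines; return (indicator, line) pairs in input order."""
    return [(hit, line) for line in lines for hit in classify(parse_event(line))]


def summarize(lines):
    """Count hits per indicator so a triage script can alert on the set."""
    counts = {}
    for hit, _ in scan(lines):
        counts[hit] = counts.get(hit, 0) + 1
    return counts


if __name__ == "__main__":
    for hit, line in scan(SAMPLE_EVENTS):
        print(f"{hit:20s} {line}")
    print(summarize(SAMPLE_EVENTS))
```

Run it on exported Sysmon or EDR events converted to the same key=value shape; a host that shows the Run key plus the install file is already persisted even if no C2 connection has been logged yet, and the mutex match lets you confirm the running process belongs to this particular build rather than another XWorm sample.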
