Analysis
-
max time kernel
120s -
max time network
121s -
platform
windows7_x64 -
resource
win7-20240729-en -
resource tags
-
submitted
01/11/2024, 10:54
General
-
Target
fixdragmeinto.exe
-
Size
39KB
-
MD5
f7b4d28cc79e52c0ec939661cfcb43b7
-
SHA1
4e4a90809ee10f2c60cc10b958d3d3312c66f837
-
SHA256
50fe9f74d241c6c9932a2eb09d31ec4cc26deb5f0d2cf188b3495f5109186802
-
SHA512
9a8aeab356ae585765b218eb08ca1899cd8f039f5695b8e60eb61159644545dc13dd5e696abc32d4ffb76478d710c6a66517ccb9434b31ec72b4ce151dbe5521
-
SSDEEP
768:1QoCLOsasOf2P/k4UAIgkOIBhqUlPpstF5PF95GAuOMhY33I0x:1dCLOsasOfP9AIgkRhqU0FX95GtOMG4e
Score
10/10
Malware Config
Extracted
Family
xworm
Version
5.0
C2
behind-h.gl.at.ply.gg:1234
Mutex
yMjYmc487vXDJQa3
Attributes
-
Install_directory
%AppData%
-
install_file
XClient.exe
aes.plain
Signatures
-
Detect Xworm Payload 1 IoCs
-
Xworm
Xworm is a remote access trojan written in C#.
-
Xworm family
-
Looks up external IP address via web service 1 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\fixdragmeinto.exe"C:\Users\Admin\AppData\Local\Temp\fixdragmeinto.exe"1⤵
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
4KB
-
Filesize
64KB
-
Filesize
9.9MB
-
Filesize
9.9MB