Overview

overview

10

Static

static

3

ItachiSupe...er.exe

windows7-x64

10

ItachiSupe...er.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ItachiSuperSpoofer.exe

  • Size

    46KB

  • Sample

    241102-1gbd2ayqam

  • MD5

    bbcc30d76b31b102204c01d112f98b15

  • SHA1

    a05e5f69ab886c58e695e5f545b34193fce169a7

  • SHA256

    e3bd1735607a84ce63f2678c0e3b5397f665a2826c5603b53345072a91c5d815

  • SHA512

    502237bc308be48adb6ddfef3edd7db045aaa6dd9712fd026a5e51fbe3011faaa50ca8fb8f11f4a4ad67e4398da84acd5281768e9856d6cede8a420d1e2327b9

  • SSDEEP

    768:tc4O3Um5dr30Cn2W/AD1JeM7XzYc/cEzwsf9K0g6tJhZW9s:t6km5dX2WYDrvxz5XgCRb

Score
10/10
xwormpersistencerattrojan

Malware Config

Extracted

Family

xworm

Version

5.0

C2

ensure-manual.gl.at.ply.gg:41199

Mutex

v67WFYQWDnW3aeSs

Attributes
  • Install_directory

    %AppData%

  • install_file

    dllhost.exe

aes.plain

Targets

    • Target

      ItachiSuperSpoofer.exe

    • Size

      46KB

    • MD5

      bbcc30d76b31b102204c01d112f98b15

    • SHA1

      a05e5f69ab886c58e695e5f545b34193fce169a7

    • SHA256

      e3bd1735607a84ce63f2678c0e3b5397f665a2826c5603b53345072a91c5d815

    • SHA512

      502237bc308be48adb6ddfef3edd7db045aaa6dd9712fd026a5e51fbe3011faaa50ca8fb8f11f4a4ad67e4398da84acd5281768e9856d6cede8a420d1e2327b9

    • SSDEEP

      768:tc4O3Um5dr30Cn2W/AD1JeM7XzYc/cEzwsf9K0g6tJhZW9s:t6km5dX2WYDrvxz5XgCRb

    Score
    10/10
    xwormpersistencerattrojan

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

      trojanratxworm

    • Xworm family

      xworm

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Executes dropped EXE

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks