General

  • Target

    8UU8B5W8VV.exe

  • Size

    297KB

  • Sample

    241103-phhzqathnl

  • MD5

    082976e714a0f693c0ecec066ebdecf7

  • SHA1

    cfb7949744a86a9cb3b483adeed0774d1608c2a4

  • SHA256

    ddf376949bfba2dc3a3b96f71a4daa5509f1a9fd5b7e7cd76c0c26bb47519eb1

  • SHA512

    dae2da7ac35267a7cc7aa9b9a67adb7bdef12f8377913261bc5221d02a3959bbe97e43d99edcab312d62349f54bfc4682ad47f3586351de9d39a8fa9acd608d3

  • SSDEEP

    6144:qPLuOE2FcpKJblg71etEk87aSDZ9K0B5zOchum8uVTGlx:6Li2FcpKLg71eeTaSDZ9Kq56cE

Malware Config

Extracted

Family

xworm

Version

5.0

C2

ensure-manual.gl.at.ply.gg:41199

Mutex

ZtTzf8WYbWwk3j1n

Attributes
  • Install_directory

    %AppData%

  • install_file

    dllhost.exe

  • aes.plain

Targets

    • Target

      8UU8B5W8VV.exe (297KB; hashes as listed under General above)

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

    • Xworm family

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely a geofence check before the payload runs.

    • Drops startup file

    • Executes dropped EXE

    • Adds Run key to start application
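The extracted configuration (install to %AppData% as dllhost.exe, Run key persistence, C2 on ensure-manual.gl.at.ply.gg:41199) and the persistence signatures above translate directly into a host triage check. The Python below is an added example, not part of the sandbox report or of the Xworm sample: it scores Run key values, file hashes and outbound connections against these indicators. All input data is constructed inline; on a live host you would feed it the contents of HKCU\Software\Microsoft\Windows\CurrentVersion\Run, file hashes from Get-FileHash, and connection records from netstat or EDR telemetry.

```python
import ntpath
import re
from dataclasses import dataclass

# Indicators taken from the sandbox report above.
SAMPLE_SHA256 = "ddf376949bfba2dc3a3b96f71a4daa5509f1a9fd5b7e7cd76c0c26bb47519eb1"
C2_HOST, C2_PORT = "ensure-manual.gl.at.ply.gg", 41199
INSTALL_FILE = "dllhost.exe"

# A genuine dllhost.exe (COM Surrogate) lives only in these directories;
# the same file name anywhere else is the Xworm install path masquerading.
LEGIT_DLLHOST_DIRS = (r"c:\windows\system32", r"c:\windows\syswow64")


@dataclass
class Finding:
    kind: str    # "run_key", "file_hash" or "c2"
    detail: str


def _image_path(cmd):
    """Return the executable path from a Run key command line.
    Handles quoted paths; an unquoted path containing spaces is a known limitation."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end != -1 else cmd[1:]
    return cmd.split(" ")[0]


def expand_env(path, env):
    """Expand %VAR% tokens from a supplied mapping so the check also runs off-host
    (Run values are often REG_EXPAND_SZ and keep %AppData% literally)."""
    return re.sub(r"%([^%]+)%",
                  lambda m: env.get(m.group(1).upper(), m.group(0)), path)


def check_run_keys(run_values, env):
    """Flag Run entries whose target is dllhost.exe outside its legitimate directories."""
    findings = []
    for name, cmd in run_values.items():
        image = expand_env(_image_path(cmd), env)
        if ntpath.basename(image).lower() != INSTALL_FILE:
            continue
        if ntpath.dirname(image).lower() not in LEGIT_DLLHOST_DIRS:
            findings.append(Finding("run_key", f"{name} -> {image}"))
    return findings


def check_hashes(file_hashes):
    """Flag any file whose SHA256 matches the analysed sample."""
    return [Finding("file_hash", path)
            for path, digest in file_hashes.items()
            if digest.lower() == SAMPLE_SHA256]


def check_connections(conns):
    """Flag connections to the extracted C2 host:port."""
    return [Finding("c2", f"{host}:{port}")
            for host, port in conns
            if host.lower() == C2_HOST and port == C2_PORT]


def triage(run_values, file_hashes, conns, env):
    return (check_run_keys(run_values, env)
            + check_hashes(file_hashes)
            + check_connections(conns))


# Constructed sample telemetry (assumed user "alice"; not data from the report).
SAMPLE_ENV = {"APPDATA": r"C:\Users\alice\AppData\Roaming"}
SAMPLE_RUN_VALUES = {
    "OneDrive": r'"C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background',
    "dllhost": r'"%AppData%\dllhost.exe"',          # the Xworm persistence entry
    "COM Surrogate": r"C:\Windows\System32\dllhost.exe",  # legitimate location, not flagged
}
SAMPLE_FILE_HASHES = {
    r"C:\Users\alice\AppData\Roaming\dllhost.exe": SAMPLE_SHA256,
    r"C:\Windows\System32\dllhost.exe": "a" * 64,  # placeholder digest, constructed
}
SAMPLE_CONNECTIONS = [("login.live.com", 443), ("ensure-manual.gl.at.ply.gg", 41199)]


def run_sample():
    return triage(SAMPLE_RUN_VALUES, SAMPLE_FILE_HASHES, SAMPLE_CONNECTIONS, SAMPLE_ENV)


if __name__ == "__main__":
    for f in run_sample():
        print(f"[{f.kind}] {f.detail}")
```

The Run key check keys on location rather than name because dllhost.exe is a real Windows binary; matching the name alone would flag every host. The C2 hostname is under ply.gg, the domain used by the playit.gg tunnelling service, so blocking the single host is less durable than alerting on any outbound connection to *.ply.gg from a process running out of %AppData%.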

MITRE ATT&CK Enterprise v15

Tasks