General

  • Target

    WaveCrack.rar

  • Size

    136KB

  • Sample

    241105-jez6yawpht

  • MD5

    6452a7f768f0357061b733131b672a20

  • SHA1

    d6c51dd81980bfcc5533edc2856e9ecb5a4f66aa

  • SHA256

    5e7a6acfd7c6bc7636db2a541c1c44acedd943f91d75b055a6d406de1760819e

  • SHA512

    805759656743597a993071548edf6ee2f7dc7283f107356749d6ee72469bd4e0708cadb9aed1c8f8ac74f0d0e51598779e61243969ec835a2f739d05d4b9fe42

  • SSDEEP

    3072:WOATWx20sZT/4p0oWExnIRtVe99moX27iXV27hk:WZ6EV/5EJSHsoo/V27a

Malware Config

Extracted

  • Family

    xworm

  • Version

    5.0

  • C2

    file-gravity.gl.at.ply.gg:56728

  • Mutex

    wAJEaDvS5CXHsdfi

  • Attributes

    • Install_directory

      %AppData%

    • install_file

      msedge.exe

  • aes.plain

Targets

    • Target

      WaveCrack.rar

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

    • Xworm family

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Drops startup file

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks