General

  • Target

    TaskHost.exe

  • Size

    107KB

  • Sample

    241105-weeapavmes

  • MD5

    4d06963d7c33e9b7e2885ff12ea60e9d

  • SHA1

    c6fcdc1f700a7acdf67116894cf615a57d8bcb3e

  • SHA256

    f1019aa9fc34248f9a0fbb425d49b76fef4def91f83a72f7ccadb89a4b542c26

  • SHA512

    c4ecc1e99b85548cb6c16a11aa0d0b4043fb1705a35990f658cab852537ee7240cbb33aa3c9d849477b14294188dd2e7a634f96f8a40a0358e96a2d5d0502c30

  • SSDEEP

    1536:vVvKDxm/PBlYBe2qJU0F4AvGIXj4wNGtTkgP4kQx3T7sglLg2q85c/avK7R9q:d2x+Bl/8AvNFNGtTkgw/x3f7cjsiFk

Malware Config

Extracted

Family

xworm

C2

93.123.109.89:7000

Attributes

  • Install_directory

    %Temp%

  • install_file

    BackgroundTaskHost.exe

Targets

    • Target

      TaskHost.exe

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

    • Xworm family

    • Uses the VBS compiler for execution

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks