General

  • Target

    testing.exe

  • Size

    44KB

  • Sample

    241109-lpxvnsscrf

  • MD5

    b3971f1b65bb028eef9d391f20c302b0

  • SHA1

    82cddbc56599c38b5c26c699b3a395db5806d1c8

  • SHA256

    25e1a1ee163b55eb7457abe7d474ce661b84afd75bce36a56c1d8ca2aa563e00

  • SHA512

    89f2248fae356b927903adaa2bb6c4876eb87a43bda6a429e56fe0f159a4f92b3eb304c97b1ac37c7e3549c6dcfcb55cdfcc3d38372d5553b9d3eb7f283db2b4

  • SSDEEP

    768:nYUrZTtRt6dQxOBFxan7Jga/kbQ5aIqPuAka5XLOnhvLK4:Y63qdQ0BYJpkbQ5aIqNXLOnVV

Malware Config

Extracted

Family

xworm

C2

0.tcp.ap.ngrok.io:12725

Attributes

  • Install_directory

    %Public%

  • install_file

    hh.exe

Targets

    • Target

      testing.exe

    • Size

      44KB

    • MD5

      b3971f1b65bb028eef9d391f20c302b0

    • SHA1

      82cddbc56599c38b5c26c699b3a395db5806d1c8

    • SHA256

      25e1a1ee163b55eb7457abe7d474ce661b84afd75bce36a56c1d8ca2aa563e00

    • SHA512

      89f2248fae356b927903adaa2bb6c4876eb87a43bda6a429e56fe0f159a4f92b3eb304c97b1ac37c7e3549c6dcfcb55cdfcc3d38372d5553b9d3eb7f283db2b4

    • SSDEEP

      768:nYUrZTtRt6dQxOBFxan7Jga/kbQ5aIqPuAka5XLOnhvLK4:Y63qdQ0BYJpkbQ5aIqNXLOnVV

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

    • Xworm family

    • Drops startup file

    • Executes dropped EXE

    • Adds Run key to start application

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v15

Tasks