Overview

overview

10

Static

static

3

uzTbbLmYiV.exe

windows10-ltsc 2021-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    uzTbbLmYiV.exe

  • Size

    178KB

  • Sample

    241109-znf3esvlgq

  • MD5

    76b12cd4302486469df2508f8e422205

  • SHA1

    52321aa15bf417250ac687f19813e06519dfcdfa

  • SHA256

    36f8beaf5de3dbab25f9bf1d27f215c3732eaef957623c0bf594e2d85296828d

  • SHA512

    550a1c51bbd4ebd7135b43a49c959c8c5fb6ee4876023714a84a7f9e72520ef383b4241529238e20d28fa4da0b72f190729f11390457266cc143ad488e257009

  • SSDEEP

    3072:19DdRKBQ8z6Ar7Hpo14eySdn5fZjSKndN9hFWPA1BZnfcgo1Qs08L:1hdRKBQ82LdbvfxSKnphBNneQs

Score
10/10
xwormpersistencerattrojan

Malware Config

Extracted

Family

xworm

Version

5.0

C2

23.ip.gl.ply.gg:39090

Mutex

Rh1oxiSykAHNyfxM

Attributes
  • Install_directory

    %ProgramData%

  • install_file

    svchost.exe

aes.plain

Targets

    • Target

      uzTbbLmYiV.exe

    • Size

      178KB

    • MD5

      76b12cd4302486469df2508f8e422205

    • SHA1

      52321aa15bf417250ac687f19813e06519dfcdfa

    • SHA256

      36f8beaf5de3dbab25f9bf1d27f215c3732eaef957623c0bf594e2d85296828d

    • SHA512

      550a1c51bbd4ebd7135b43a49c959c8c5fb6ee4876023714a84a7f9e72520ef383b4241529238e20d28fa4da0b72f190729f11390457266cc143ad488e257009

    • SSDEEP

      3072:19DdRKBQ8z6Ar7Hpo14eySdn5fZjSKndN9hFWPA1BZnfcgo1Qs08L:1hdRKBQ82LdbvfxSKnphBNneQs

    Score
    10/10
    xwormpersistencerattrojan

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

      trojanratxworm

    • Xworm family

      xworm

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Adds Run key to start application

      persistence
    behavioral1

MITRE ATT&CK Enterprise v15

Tasks