General

  • Target

    SteamCRACKED.exe

  • Size

    293.0MB

  • Sample

    241111-14c65s1mcj

  • MD5

    224bcccbdd3ef2b84c25dea2dc23a033

  • SHA1

    a439d7112c853ea2138b57a68b703081467295b3

  • SHA256

    c1ab262588f30079f7c3c4ebcb9585264505fd555077a3680f5beac77ca48745

  • SHA512

    0148a011a4b5361f2e3924594a4c38021a8e4790cfc5509e537498e1d38bb244af2fb7881a95001bf677e087736c6d55c46eb7a36e39a8a59012e73e8adfce35

  • SSDEEP

    6144:PtBmb8WHz0L+GIIIIIIIhIIIIIIIIIIIIIIIU:lXmL

Malware Config

Extracted

Family

xworm

C2

193.161.193.99:63603

37.4.250.173:63603

Attributes

  • Install_directory

    %AppData%

  • install_file

    XwormV6.exe

Targets

    • Target

      SteamCRACKED.exe

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

    • Xworm family

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence.

    • Drops startup file

MITRE ATT&CK Enterprise v15

Tasks