General

  • Target

    Roblox cheat.exe

  • Size

    71KB

  • Sample

    241111-1xcxsswqct

  • MD5

    f24d23861ae25a5e29ed07ce2edf23ae

  • SHA1

    f44fb5843e43b04f2ab6d372131f780cc4d93e22

  • SHA256

    aeb935a0eed839b1670d762dba8c2ccf443340d4344178070c74be2e666e8e0c

  • SHA512

    4c037c2a699a2349d092686ac18697278d4a52c01752234f4fd3ea2578f8f321557ecd40616ce060fd0ae24411dca9de1f01794cd44a860ed889cbdaf05e2cbe

  • SSDEEP

    1536:n5+ZIZ0yIelWO+4ZbjClLVUwNNyO3wQZS:n5+Z9yIIWOhZbjyUQMOAaS

Malware Config

Extracted

  • Family

    xworm

  • Version

    3.1

  • C2

    147.185.221.23:53631

Attributes

  • Install_directory

    %AppData%

  • install_file

    USB.exe

Targets

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

    • Xworm family

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops startup file

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15