Analysis
-
max time kernel
140s -
max time network
151s -
platform
android_x64 -
resource
android-x64-arm64-20240624-en -
resource tags
-
submitted
11-11-2024 20:49
General
-
Target
https://gofile.io/d/VmL8Ux
Malware Config
Extracted
xworm
3.1
147.185.221.23:53631
-
Install_directory
%AppData%
-
install_file
USB.exe
Signatures
-
Detect Xworm Payload 2 IoCs
-
Xworm
Xworm is a remote access trojan written in C#.
-
Xworm family
-
Downloads MZ/PE file
-
Checks CPU information 2 TTPs 1 IoCs
-
Checks memory information 2 TTPs 1 IoCs
Processes
-
com.android.chrome1⤵
- Checks CPU information
- Checks memory information
Network
MITRE ATT&CK Mobile v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
32KB
MD591a8b3af77a192f15b94dfa33f7c449e
SHA15c68b5e571f628df7a6b0211cb79725ef78247af
SHA256b9c39e37d64f4b637f66e4f6f6ac32638a59ecadfebd2787aba49707b29d9ab5
SHA512e79603b51ee8771bbf79f00519d0c98627783eb3be43bfff3465022e2915856b99d751677355a13b295146c51bd3cfb50dddcfcb18c9ae12ae038ae5d8ff0e4e
-
Filesize
71KB
MD5f24d23861ae25a5e29ed07ce2edf23ae
SHA1f44fb5843e43b04f2ab6d372131f780cc4d93e22
SHA256aeb935a0eed839b1670d762dba8c2ccf443340d4344178070c74be2e666e8e0c
SHA5124c037c2a699a2349d092686ac18697278d4a52c01752234f4fd3ea2578f8f321557ecd40616ce060fd0ae24411dca9de1f01794cd44a860ed889cbdaf05e2cbe
-
Filesize
71KB
MD574b112aa1d855ee53484487b12848afd
SHA10433157de9663e1ca6f7f720370c9318e4e12abf
SHA256ab46d64893894e6aafb99c0b917b510a2db99c645d16a53d076cb4855b06a752
SHA5124c9b276b8bc2478508eda2c735cac4fb8cfaaef1c2850d41046136494d233b1807fddf63102f6f19eae89339fc8acfa8b2dd9178f71d1260a318434affade8dc
-
Filesize
520KB
MD5752bc862e57278b1262c95df5498738e
SHA12cdbd4797d070d698d7a76e5a73342ee9887d708
SHA2566afd8bfd4060ec57570085600c817c868ead06b090ffd7085630c62f25485d1c
SHA512e261de2834c9fdd778881dbf8b7816e4e2cc0d890c27b4243e8481d23efea93d503587b925c4bcf2ffa09c072ca70e36e2c3b2b883efae3d87f3a822e1a7be8d