General

  • Target

    AdapterFixer.rar

  • Size

    477KB

  • Sample

    241117-ww48fawamp

  • MD5

    08a0bf813227afa7f919049140805669

  • SHA1

    9be865046b20001c1ec4255b2ba32e771da78eb1

  • SHA256

    e8d9387a90f56734ddddc802ece7da57c33b5fd4e099fb68bd6ab0c39cb21928

  • SHA512

    9626f730825b7a2a9ce62f8a13df9b3b78b6cbb55beb64dea7a2b2b6ea86f185a69bde71abd1c41a31541c8abb5038bfda11ddb91bc1e62e322b8710d77764c2

  • SSDEEP

    12288:u+OqHJOj9uElz+QqbyFIm/6kbywT4p7ONYmn0byoZXbyP:PJk5+Qq8Im/6kzsYYmn0bZXs

Malware Config

Extracted

Family

xworm

Version

5.0

C2

127.0.0.1:80

Mutex

yXRpjryvdRAwwze0

Attributes

  • install_file

    USB.exe

aes.plain

Targets

    • Target

      AdapterFixer/AdapterFixerNoAdmin.bat

    • Size

      582B

    • MD5

      e91d318819873e73fd83c79d43a92190

    • SHA1

      ca5419e602d6fedb7bc56f0dd73a288d63307838

    • SHA256

      af6189caa1b7ac6d2d2f58daf47f510d51eece4cefcfd1a2fb9e843f437aa4bb

    • SHA512

      2730445e89fa22ca26f48e60852224a5e5141fefaccdddb4df61f72c630db8332d08a975614259ca6d46b66c90fb3d2e70ee862620680148a4cdcbcaa87ec543

    • Score

      1/10

    • Target

      AdapterFixer/AdminDisabler.ps1

    • Size

      193B

    • MD5

      f5cb8323eefad78cf98b62f58f8f6d6c

    • SHA1

      0814d49c14d5fc00119a382120a530ec74c129c5

    • SHA256

      343462169546cbb716a87a1efbd6c5e2ed87a7accbb8ec7235e8489a65442031

    • SHA512

      5351df306f2c5df17e67c712de2ec63acb2cd0dc69ac119f263800864d9cb9694028d92385cc5a923f40e63e6af050dcbda2ba1ab70a2d81ebd9a148126cd3a8

    • Score

      8/10

    • Command and Scripting Interpreter: PowerShell

      Using powershell.exe command.

    • Target

      AdapterFixer/Modules/XerecaoMiner1.exe

    • Size

      148KB

    • MD5

      4f8c45750e19a32a646400f83d4409b5

    • SHA1

      eb3805fa6c29040122a8b21356a88bed0a7fa65f

    • SHA256

      9a870b79338f2d606a3a08b55870febc3ddc058b626b061e9f6dd8a743d08fb9

    • SHA512

      520d2dcb06e7181b96bc2ca54ba751905fbb60da67834a2107ee38cb5f4df87e495fd47309483aff9045e1bda54e0e8174ed9e0eba5ae21a0092a0764fe29c7a

    • SSDEEP

      1536:6vNtgwr3U4xcFE9jROjJ0jls3WGkoe6Us89T8r9AtnertLFl:6vN2EcFE9jROjKa3v7EskT8rmtIhl

    • Score

      10/10

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

    • Xworm family

    • Target

      AdapterFixer/Modules/XerecaoMiner10.exe

    • Size

      148KB

    • MD5

      7769464001f2bbd2715566de37775864

    • SHA1

      46f61ba2eeafb6010cb1987195e6fa3185a37bd0

    • SHA256

      3630af78f2287fc47dbbf06a2a37134c22026c0a779532663009b95ca96766ff

    • SHA512

      763294fc42997af167b43617b83b436b65f6f2cf018ef7235de1874bb915e293e713f956b41a386e0f3e5b9e8dc5d1214e86aacf5722bbd0d81d08a727dc4d62

    • SSDEEP

      1536:GvNtgwa3U4xcFE9jgOjgwjls3WGkoe6Us89T8r9AtnertLFd:GvNbEcFE9jgOjja3v7EskT8rmtIhd

    • Score

      10/10

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

    • Xworm family

    • Target

      AdapterFixer/Modules/XerecaoMiner2.exe

    • Size

      148KB

    • MD5

      551efdeb55e17cd07298eece4be43700

    • SHA1

      4fe9efc8f98cd23165e861966d419ac8992e80a7

    • SHA256

      b1320f91b456420cbfaa4b256825606216c12d8617e207986f7148f4128e0009

    • SHA512

      acb36663ea1bc0f974c2cc79e574cbea710ea1cf13cedd1c4ac819414d28b5cfcf6c2943b0b86bf1752d13b8b05c9b4c450bd57482cdba938449a1b2d68ac406

    • SSDEEP

      1536:LvNtgwr3U4xcFE9jYCOj3i0jls3WGkoe6Us89T8r9AtnertLFU:LvN2EcFE9jYCOjy0a3v7EskT8rmtIhU

    • Score

      10/10

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

    • Xworm family

    • Target

      AdapterFixer/Modules/XerecaoMiner3.exe

    • Size

      148KB

    • MD5

      92241356bcd87ee3c3fdb26ae63b2071

    • SHA1

      e23e4750082fead731a63d8ebc13a6a677b162bc

    • SHA256

      bb19aa16454169f1958b77d53bf11b56bb0dcb786f98685e6f8d7de7da2f05ae

    • SHA512

      da04f20c03e01b03083848ef5bd3e6699a7c3be02e98235ec0510c5a745a677b9375c649a80e4a0168d6394281a621a52856617c435a296e58bbd96d45d15db6

    • SSDEEP

      1536:3vNtgwr3U4xcFE9jhNOjapjls3WGkoe6Us89T8r9AtnertLFv:3vN2EcFE9jhNOjEa3v7EskT8rmtIhv

    • Score

      10/10

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

    • Xworm family

    • Target

      AdapterFixer/Modules/XerecaoMiner4.exe

    • Size

      148KB

    • MD5

      6c61dc801a6f493977a10a565e93e923

    • SHA1

      7fdafcb385cf3b5108c0f8c412487094f7a7b037

    • SHA256

      854607597374f20b0c0faf2fd4c3702f8914cfd042db01fbd1971f6552712713

    • SHA512

      333dedcec421c9a90f662092ca670dcb25f9cc1f3a929775df17554d5df0fc75befd5d4886dd63ea083887577f942d2479547abfc4cc8ecc5962b32510b419dc

    • SSDEEP

      1536:zvNtgwr3U4xcFE9jbwbOj3Xjls3WGkoe6Us89T8r9AtnertLFe:zvN2EcFE9jEbOjna3v7EskT8rmtIhe

    • Score

      10/10

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

    • Xworm family

    • Target

      AdapterFixer/Modules/XerecaoMiner5.exe

    • Size

      148KB

    • MD5

      899017283860678a2247829c58ec3a35

    • SHA1

      81ae8b28986d13d4951c3240a04e9244deab3c9a

    • SHA256

      bd134a480889e73c9befd034b8aff16b353c84166128e53cba5fab98d2e29d77

    • SHA512

      2cfc6fed23cb54405ec4af30ef941f141fe72e43cc48d873be37c633c09b2ec3d8751917b476394c42b8c686f802846078b72c81dc521ce14bf85e18bf361594

    • SSDEEP

      1536:wvNtgwr3U4xcFE9jxOjA2jls3WGkoe6Us89T8r9AtnertLF5:wvN2EcFE9jxOjpa3v7EskT8rmtIh5

    • Score

      10/10

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

    • Xworm family

    • Target

      AdapterFixer/Modules/XerecaoMiner6.exe

    • Size

      148KB

    • MD5

      c009f9bf7de435e8bb24236632af88d7

    • SHA1

      f7772181f54c5caea61e124075c6721bf71e1afb

    • SHA256

      4469319cb2b71584e149b7faa1c5f991d99d94ec15c376bbb65807de2cad2747

    • SHA512

      67fd7585c60f8f80dd73d0a20a13b05af72e974d32997aa4848bfd6120374e9b509647c003504d4399b3bb34bd098d1b3c70890e0fb9f11a9bea691800d78502

    • SSDEEP

      1536:gvNtgwr3U4xcFE9jeOjycjls3WGkoe6Us89T8r9AtnertLFo:gvN2EcFE9jeOjJa3v7EskT8rmtIho

    • Score

      10/10

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

    • Xworm family

    • Target

      AdapterFixer/Modules/XerecaoMiner7.exe

    • Size

      148KB

    • MD5

      b78d554bad1168ea33de3745c7cd6ebb

    • SHA1

      12cde5847d4401871266e7c426aed413af3663ac

    • SHA256

      ce4ce7f31dedfd587ba061589c635a22e480350b30a6a595d21d3748a7717744

    • SHA512

      65881d3aabc346e4930d366f849f7d97144717c7ec0a4e8d24298e5967d3f5793de44f327767193ceeb762c4011108c844a0a2060c99ee391f0540547329acf3

    • SSDEEP

      1536:DvNtgwr3U4xcFE9jaKOj1ojls3WGkoe6Us89T8r9AtnertLFD:DvN2EcFE9jaKOjqa3v7EskT8rmtIhD

    • Score

      10/10

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

    • Xworm family

    • Target

      AdapterFixer/Modules/XerecaoMiner8.exe

    • Size

      148KB

    • MD5

      8ba24028e6269a19a43ae029de60c0ff

    • SHA1

      b8622f0b7525780b5b361f4825a4416d5689ef0f

    • SHA256

      08a30ac266dfcfe2b4c9a2679a7f00a946b950e83e8102593df8d7ffb36a532d

    • SHA512

      3d86eb4c0ee27b2e1f6e37fe4db61ecf6a6213f3d9b15f6771a85074ea366c4f0ff15140325fcce5dff9262e695ced45cbc499038d54a4ed26c636cb34610fe5

    • SSDEEP

      1536:zvNtgwr3U4xcFE9jHOjW4jls3WGkoe6Us89T8r9AtnertLFS:zvN2EcFE9jHOjRa3v7EskT8rmtIhS

    • Score

      10/10

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

    • Xworm family

    • Target

      AdapterFixer/Modules/XerecaoMiner9.exe

    • Size

      148KB

    • MD5

      36aa53a3f7ec0504300528898c0185c6

    • SHA1

      33d0bd31b08a50d437168fc3bfc89f4c52b3978a

    • SHA256

      25701d0d7dd20badeba5aa1367e24a99b816f83504126d75ef8cdbdaf5262764

    • SHA512

      c71a1f3b8432579bdf566d9c1c0ed2fa250cafd75d7c1754650186075da1401eece53f66a8fdd49d260c11fad4f42470995c0053fc986c5ae8cea3b23e742f29

    • SSDEEP

      1536:wvNtgwr3U4xcFE9jROjUUjls3WGkoe6Us89T8r9AtnertLFt:wvN2EcFE9jROjHa3v7EskT8rmtIht

    • Score

      10/10

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

    • Xworm family

MITRE ATT&CK Enterprise v15

Tasks