Overview

overview

10

Static

static

10

Async Spoofer.exe

windows11-21h2-x64

10

Analysis

  • max time kernel
    31s
  • max time network
    33s
  • platform
    windows11-21h2_x64
  • resource
    win11-20241007-en
  • resource tags

    arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    17-11-2024 19:34

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Async Spoofer.exe

  • Size

    57KB

  • MD5

    61ad698be29af6af78a4d72cbecc612f

  • SHA1

    b58f0d473b9aa56b1b0e95322e2cbd4d9c273d12

  • SHA256

    12a60961e377b05f0dcd728e1e5f469754c3003c31024db47a83c940bf22b474

  • SHA512

    62ce8d5830697dcb2a57d44f3315dd5fcb201f0b8ca59ac95813aae67e0f2f34b99514460bbb49160ee9d80dca679b2be4335b93895a26a1b3cc26ce2d31e606

  • SSDEEP

    1536:50reWEbnUcMyU05dvIn7tbbYlsfRadLbekbOeED7:arLQUW5d+bbYlORaR6kbOeA

Score
10/10
xwormrattrojan

Malware Config

Extracted

Family

xworm

C2

sep-framing.gl.at.ply.gg:61526

Attributes
  • install_file

    USB.exe

Signatures

  • Detect Xworm Payload 1 IoCs
  • Xworm

    Xworm is a remote access trojan written in C#.

    trojanratxworm
  • Xworm family
    xworm
  • Looks up external IP address via web service 1 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Async Spoofer.exe
    "C:\Users\Admin\AppData\Local\Temp\Async Spoofer.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:5980

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/5980-0-0x00007FFC2B1F3000-0x00007FFC2B1F5000-memory.dmp

    Filesize

    8KB

    Download

  • memory/5980-1-0x0000000000680000-0x0000000000694000-memory.dmp

    Filesize

    80KB

    Download

  • memory/5980-2-0x00007FFC2B1F0000-0x00007FFC2BCB2000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/5980-3-0x00007FFC2B1F0000-0x00007FFC2BCB2000-memory.dmp

    Filesize

    10.8MB

    Download