96f92d251a44edad3994c0bc22bd063124fbdf0c18eae81f2a35119542546f0c | Triage

Sharing

General

Target

XWorm-Remote-Access-Tool-main.zip
Size

4.9MB
Sample

241119-we2e8ayngs
MD5

c29e5cac95dd0b675f226b0fcfb7fb2c
SHA1

174a1dc6aa9131f31e1be7e79422ca13d2720fb8
SHA256

96f92d251a44edad3994c0bc22bd063124fbdf0c18eae81f2a35119542546f0c
SHA512

65de4c8399601a62b67bc1c85ed202519f9131964049c00d7928402ce69074ab58f787066725c026e470fd1f02ad2066c0b8b62df655cd2c07ce49b3a3bbc877
SSDEEP

98304:TKF5kw1zDBMXSV5yH6FhCUJ4LGH2TqYeRTy6Im81Xvm/UxRmBMGxaz5naWiFk:Wc0eK5yaSU6GH2Th2TysEfmsn/GFk

Score

8^/10

defense_evasion discovery

Malware Config

Targets

- Target
  
  XWorm-Remote-Access-Tool-main/xworm.exe
- Size
  
  227KB
- MD5
  
  f25ef9e7998ae6d7db70c919b1d9636b
- SHA1
  
  572146d53d0d7b3c912bc6a24f458d67b77a53fe
- SHA256
  
  7face24db4aa43220ebc4d3afb6c739307f8b653c686b829fb1cb6091695c113
- SHA512
  
  d8682cdb5876f9ffe6aa8856d5ffa8c168afd25fc927781d80d129491fa04aabf045f01d13ffb51e3db9773367cc00fce466e1ef7af11bfc3d7af13df06cc17c
- SSDEEP
  
  6144:YdAfHWAy5hne6jlVg1jCYRCuAOm6Tw8ym:Yqf7y5he6DkQutw8ym
Score

8^/10

defense_evasion discovery
- Blocklisted process makes network request
- Obfuscated Files or Information: Command Obfuscation
  Adversaries may obfuscate content during command execution to impede detection.
  defense_evasion
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Obfuscated Files or Information

Command Obfuscation

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasiondiscovery

behavioral2

defense_evasiondiscovery