Overview

overview

10

Static

static

3

6ab20425e9...fN.exe

windows7-x64

10

6ab20425e9...fN.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    6ab20425e9d7e31c23b1322acddae8b20e3fc3b0a6556963c6a15acbcb78814fN.exe

  • Size

    669KB

  • Sample

    241202-hsfh1szmgm

  • MD5

    553d0614fb3823f0a2c78b42ed9a06e0

  • SHA1

    9f1289ebaa73f9f3032b03dcececb312f53caa1c

  • SHA256

    6ab20425e9d7e31c23b1322acddae8b20e3fc3b0a6556963c6a15acbcb78814f

  • SHA512

    32400d9cae193d0cca8e00acd24b2d88dfc6bc987b4a6f9308a5ea9d42e05c0b0a9a22cef78793e163080a7b5e7b9f3eee86e986b7d91c01bd20e2c097b3407d

  • SSDEEP

    12288:vh1Lk70TnvjcH543dWjk9hd6kfKs3LmruGCb46pF4V:Lk70Trciyk9H6zyLi1C8UC

Score
10/10
xwormdiscoverypersistencerattrojan

Malware Config

Extracted

Family

xworm

Version

3.0

C2

22.ip.gl.ply.gg:42709

Attributes
  • Install_directory

    %AppData%

  • install_file

    USB.exe

Targets

    • Target

      6ab20425e9d7e31c23b1322acddae8b20e3fc3b0a6556963c6a15acbcb78814fN.exe

    • Size

      669KB

    • MD5

      553d0614fb3823f0a2c78b42ed9a06e0

    • SHA1

      9f1289ebaa73f9f3032b03dcececb312f53caa1c

    • SHA256

      6ab20425e9d7e31c23b1322acddae8b20e3fc3b0a6556963c6a15acbcb78814f

    • SHA512

      32400d9cae193d0cca8e00acd24b2d88dfc6bc987b4a6f9308a5ea9d42e05c0b0a9a22cef78793e163080a7b5e7b9f3eee86e986b7d91c01bd20e2c097b3407d

    • SSDEEP

      12288:vh1Lk70TnvjcH543dWjk9hd6kfKs3LmruGCb46pF4V:Lk70Trciyk9H6zyLi1C8UC

    Score
    10/10
    xwormdiscoverypersistencerattrojan

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

      trojanratxworm

    • Xworm family

      xworm

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks