Overview

overview

10

Static

static

1

21d66da2e2...9.docx

windows7-x64

10

21d66da2e2...9.docx

windows10-2004-x64

1

Resubmissions

02/12/2024, 08:06

241202-jzm24sslbr 10

02/12/2024, 02:06

241202-cjtfmatnew 4

Sharing

Copy URL Twitter E-mail

General

  • Target

    21d66da2e2506afa8d351e3ce34d1f9a4de6d8305168c0c302987710d83a12b9.doc

  • Size

    424KB

  • Sample

    241202-jzm24sslbr

  • MD5

    44970a65ef51dafee89eb8c1c5258d80

  • SHA1

    6fbc5973d72f7141aeed349675e7679aa83a23b6

  • SHA256

    21d66da2e2506afa8d351e3ce34d1f9a4de6d8305168c0c302987710d83a12b9

  • SHA512

    3fa8c428845dd5fbd32024900e65a331372f115bd04af8deca53facd2d2837664133973a25a877f7ecf20333c0792567ce1616815ae7d73019140786f4f53b98

  • SSDEEP

    12288:dJ3PY3Q3lQ32AbgBUVv6QMwdV1yRLC8U3tZ:dpbCmtPQzGRLeZ

Score
10/10
xwormdiscoverypersistencerattrojan

Malware Config

Extracted

Family

xworm

C2

185.244.29.113:5563

Attributes
  • Install_directory

    %AppData%

  • install_file

    xwor.exe

Targets

    • Target

      21d66da2e2506afa8d351e3ce34d1f9a4de6d8305168c0c302987710d83a12b9.doc

    • Size

      424KB

    • MD5

      44970a65ef51dafee89eb8c1c5258d80

    • SHA1

      6fbc5973d72f7141aeed349675e7679aa83a23b6

    • SHA256

      21d66da2e2506afa8d351e3ce34d1f9a4de6d8305168c0c302987710d83a12b9

    • SHA512

      3fa8c428845dd5fbd32024900e65a331372f115bd04af8deca53facd2d2837664133973a25a877f7ecf20333c0792567ce1616815ae7d73019140786f4f53b98

    • SSDEEP

      12288:dJ3PY3Q3lQ32AbgBUVv6QMwdV1yRLC8U3tZ:dpbCmtPQzGRLeZ

    Score
    10/10
    xwormdiscoverypersistencerattrojan

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

      trojanratxworm

    • Xworm family

      xworm

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks