General

  • Target

    c68ed5f218eda55143675dd53c306f2d54e2e5cefe7384a98f389fd10febc755.exe

  • Size

    37KB

  • Sample

    241202-vgnrgaynen

  • MD5

    676ed5d65adaf1ce797d701a2105c68b

  • SHA1

    55e1d519067c51f4f37a0cec01d64b4d763e6e7e

  • SHA256

    c68ed5f218eda55143675dd53c306f2d54e2e5cefe7384a98f389fd10febc755

  • SHA512

    2b0794b3278fe0a3bd668f044cc3c71b0c7757ed0cd3be74bcda71a2e23daad1df9974db6770c5d17c4ccce459d1f0bb505afbd2dc1b0b10e6d274825e72d0fd

  • SSDEEP

    768:8u7XSg/KJdyb+Kv+Zh/ZPF5PH9GqHOMhZICQ1f7L:NWrUJK9FN9GYOMoxR7L

Score
10/10

Malware Config

Extracted

Family

xworm

Version

3.1

C2

127.0.0.1:7000

Mutex

hrhJrWRRZU41Wc7l

Attributes

  • Install_directory

    %AppData%

  • install_file

    USB.exe

aes.plain

Targets

    • Target

      c68ed5f218eda55143675dd53c306f2d54e2e5cefe7384a98f389fd10febc755.exe

    Score
    10/10

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

    • Xworm family

    • Drops startup file

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks