General

  • Target: 03122024_0023_ttpayment.img.iso
  • Size: 1.5MB
  • Sample: 241203-apgynszpht
  • MD5: b104d76fabd0b1729c74982ae190165a
  • SHA1: fc25173735b5eff67f00c29a59af8c3bee458148
  • SHA256: 710eaf9862498e7ef2b2024783336c69bdb489ddc0b7028af6cc8510d19a733d
  • SHA512: ffff14804251f3869f24a9fea7687ad29ac909e286ef99c3f6649d54ad8b81736e8eca23059cd122d9ff76980500f7caabad1eee73634a28f0336072bf794997
  • SSDEEP: 24576:Mu6J33O0c+JY5UZ+XC0kGso6FaP3pRbWY:Wu0c++OCvkGs9FavOY

Malware Config

Targets

    • Target: newtt.pdf.exe
    • Size: 972KB
    • MD5: 0897304e5e056318413b793477142018
    • SHA1: 09299856fae087ac29d25cea697d974858a77796
    • SHA256: 8999a5fbe146e6183a2bffaae420236be218f3de96342e67642af88b2847b480
    • SHA512: 90258358ec5bae8dc594b4521ecae40b17fd0e48749a6991eb0a461db1d47d4e415482ef911b3a15cfd96a4722a0441c3701dd40d4f805cd64dce9098fe8a8d9
    • SSDEEP: 24576:cu6J33O0c+JY5UZ+XC0kGso6FaP3pRbWY:Gu0c++OCvkGs9FavOY

    Signatures:

    • Detect Xworm Payload
    • Xworm
      Xworm is a remote access trojan written in C#.
    • Xworm family
    • Drops startup file
    • Executes dropped EXE
    • Loads dropped DLL
    • Adds Run key to start application
    • AutoIT Executable
      AutoIT scripts compiled to PE executables.
    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks