Overview

overview

10

Static

static

10

f6b66de58a...52.exe

windows7-x64

10

f6b66de58a...52.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    f6b66de58a074f12a5e25b27f868701071124e088415c7ba44f81b41aa57f752.exe

  • Size

    47KB

  • Sample

    241203-evj3fazkfx

  • MD5

    68ead50c6780f8cfcd34fc1c3d9d998a

  • SHA1

    071b72b8496fa68983cb77b319de6c93d1c7929a

  • SHA256

    f6b66de58a074f12a5e25b27f868701071124e088415c7ba44f81b41aa57f752

  • SHA512

    9b08430d93ee0296e338d3f59b0a57c13a4f0faf2b1f4d10f6cc602843569d130dcaeb3929dce21ce00cf13b6ffb9b7de42bc3ac177fd6f029545240e2c4464c

  • SSDEEP

    768:aBoVSTAPW9jllp0XMtd70hq30gzbGYxIXDZVpNf3SOwht7a1ehVY:eHL9jldFwszbGYuTpIOwL0EY

Score
10/10
xwormpersistencerattrojan

Malware Config

Extracted

Family

xworm

Version

3.0

C2

16.ip.gl.ply.gg:41909

Attributes
  • Install_directory

    %AppData%

  • install_file

    USB.exe

Targets

    • Target

      f6b66de58a074f12a5e25b27f868701071124e088415c7ba44f81b41aa57f752.exe

    • Size

      47KB

    • MD5

      68ead50c6780f8cfcd34fc1c3d9d998a

    • SHA1

      071b72b8496fa68983cb77b319de6c93d1c7929a

    • SHA256

      f6b66de58a074f12a5e25b27f868701071124e088415c7ba44f81b41aa57f752

    • SHA512

      9b08430d93ee0296e338d3f59b0a57c13a4f0faf2b1f4d10f6cc602843569d130dcaeb3929dce21ce00cf13b6ffb9b7de42bc3ac177fd6f029545240e2c4464c

    • SSDEEP

      768:aBoVSTAPW9jllp0XMtd70hq30gzbGYxIXDZVpNf3SOwht7a1ehVY:eHL9jldFwszbGYuTpIOwL0EY

    Score
    10/10
    xwormpersistencerattrojan

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

      trojanratxworm

    • Xworm family

      xworm

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks