Overview

overview

10

Static

static

10

062461857e...aN.exe

windows7-x64

10

062461857e...aN.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    062461857e5d9245146b35c96ed858e5b4d0532e94acba9f656ef35ec044997aN.exe

  • Size

    47KB

  • Sample

    241204-clckwswme1

  • MD5

    5c33e34d6de7eaef0f2cd84924ec3130

  • SHA1

    c168435c3b9b1600a455b09d6f6306eb9d00b5b9

  • SHA256

    062461857e5d9245146b35c96ed858e5b4d0532e94acba9f656ef35ec044997a

  • SHA512

    413130855a75f9362bb11cc477205ccef750c696681f2a34fb17d1b4b6dc7e944c2377b179fd790326fb68c746c77eafcaeac93f17e64044fa8e9f104b6bc332

  • SSDEEP

    768:aBoVSTAPW9jllp0XMtd70hq30gzbGYxIXDZVpNf3SOwht7a1ehV:eHL9jldFwszbGYuTpIOwL0E

Score
10/10
xwormpersistencerattrojan

Malware Config

Extracted

Family

xworm

Version

3.0

C2

16.ip.gl.ply.gg:41909

Attributes
  • Install_directory

    %AppData%

  • install_file

    USB.exe

Targets

    • Target

      062461857e5d9245146b35c96ed858e5b4d0532e94acba9f656ef35ec044997aN.exe

    • Size

      47KB

    • MD5

      5c33e34d6de7eaef0f2cd84924ec3130

    • SHA1

      c168435c3b9b1600a455b09d6f6306eb9d00b5b9

    • SHA256

      062461857e5d9245146b35c96ed858e5b4d0532e94acba9f656ef35ec044997a

    • SHA512

      413130855a75f9362bb11cc477205ccef750c696681f2a34fb17d1b4b6dc7e944c2377b179fd790326fb68c746c77eafcaeac93f17e64044fa8e9f104b6bc332

    • SSDEEP

      768:aBoVSTAPW9jllp0XMtd70hq30gzbGYxIXDZVpNf3SOwht7a1ehV:eHL9jldFwszbGYuTpIOwL0E

    Score
    10/10
    xwormpersistencerattrojan

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

      trojanratxworm

    • Xworm family

      xworm

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks