General

  • Target

    e771825b04205064413348d9cb3ed8d362ea6664ffbf7175a01d94cf449da48d.exe

  • Size

    456KB

  • Sample

    241204-gnhxxavlcy

  • MD5

    c35cbb80d05b911949dcb165d691a84a

  • SHA1

    cec153a8782c1e7101d1ed1decba3a227e6574cb

  • SHA256

    e771825b04205064413348d9cb3ed8d362ea6664ffbf7175a01d94cf449da48d

  • SHA512

    82f02ee4ad223703015a77dae34822279794a00425643cb59f1a98328b924f4a1a530732d92400529cffd8b9ccf47ede684ea8b91ec606ab47791d185550ca80

  • SSDEEP

    12288:Uh1Lk70TnvjcXiht42lGqxzSutAmdjoD9duJ7yK:wk70TrcSzljxugAmd8c

Malware Config

Targets

    • Target

      e771825b04205064413348d9cb3ed8d362ea6664ffbf7175a01d94cf449da48d.exe

    • Size

      456KB

    • MD5

      c35cbb80d05b911949dcb165d691a84a

    • SHA1

      cec153a8782c1e7101d1ed1decba3a227e6574cb

    • SHA256

      e771825b04205064413348d9cb3ed8d362ea6664ffbf7175a01d94cf449da48d

    • SHA512

      82f02ee4ad223703015a77dae34822279794a00425643cb59f1a98328b924f4a1a530732d92400529cffd8b9ccf47ede684ea8b91ec606ab47791d185550ca80

    • SSDEEP

      12288:Uh1Lk70TnvjcXiht42lGqxzSutAmdjoD9duJ7yK:wk70TrcSzljxugAmd8c

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

    • Xworm family

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks