Overview

overview

10

Static

static

10

Test.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Test.exe

  • Size

    35KB

  • Sample

    250118-zyfveavram

  • MD5

    74205cedc0e8cc066cd983960d7a468f

  • SHA1

    146990b7b4ccf7b3ea747b043397a80a8db3e60c

  • SHA256

    3013b5ecd8ed141120e775874964273c7edbe30cd5b47fd0a276e730e7f973ef

  • SHA512

    979b24371ba77f7241e412ca2154244e063a4e2896eeae23e7b3df0c465fc42538c507bc7e0634012601600a5cda675b2ef9dbb971f64564f56df0226612f1b8

  • SSDEEP

    768:UDMfF7zLKYs2Byj57uddqL79Fk9wmO/h2/22L:UkF7HKYs/1Ed0Fk9wmO/Au2L

Score
10/10
xwormpersistencerattrojan

Malware Config

Extracted

Family

xworm

Version

5.0

C2

ensure-manual.gl.at.ply.gg:9321

Mutex

uQwGzMlYjddKytmr

Attributes
  • Install_directory

    %AppData%

  • install_file

    dllhost.exe

aes.plain

Targets

    • Target

      Test.exe

    • Size

      35KB

    • MD5

      74205cedc0e8cc066cd983960d7a468f

    • SHA1

      146990b7b4ccf7b3ea747b043397a80a8db3e60c

    • SHA256

      3013b5ecd8ed141120e775874964273c7edbe30cd5b47fd0a276e730e7f973ef

    • SHA512

      979b24371ba77f7241e412ca2154244e063a4e2896eeae23e7b3df0c465fc42538c507bc7e0634012601600a5cda675b2ef9dbb971f64564f56df0226612f1b8

    • SSDEEP

      768:UDMfF7zLKYs2Byj57uddqL79Fk9wmO/h2/22L:UkF7HKYs/1Ed0Fk9wmO/Au2L

    Score
    10/10
    xwormpersistencerattrojan

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

      trojanratxworm

    • Xworm family

      xworm

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Executes dropped EXE

    • Adds Run key to start application

      persistence
    behavioral1

MITRE ATT&CK Enterprise v15

Tasks