General

  • Target

    FIX.exe

  • Size

    72KB

  • Sample

    250119-jyj9tszrgz

  • MD5

    2e29bad58db43ee1ad1d04cf20264ee6

  • SHA1

    5efb45dcae46ec90af78a14aa42f43ee8821ed87

  • SHA256

    d7d2ed1f5d39a5aab17d231ee0766b245ae4c2ff5a22fdd9ac66e690958b17e3

  • SHA512

    b80b15b614a269df7ee428f35fa614fa588d5efe520f35e10b0039074a5d5368ef20a6155df4c531782f49fc1dd0ebd9daae302e59cfec36c9816d8c91da450d

  • SSDEEP

    1536:9zbQ+8n8qytjvF7u06Do3z4cXoD+bFBAFSgEi85phiS6r4pOO426F:9vQ+88qyVF7u0Goj4cYD+bFqA18O4d

Malware Config

Extracted

Family

xworm

C2

levels-lcd.gl.at.ply.gg:43683

Attributes

  • install_file

    USB.exe

Targets

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

    • Xworm family

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself
