General
Target: SilverX.exe
Size: 200KB
Sample: 250119-vsvzxsxnbs
MD5: 85611717773ecdbb940b47dd578d6d72
SHA1: e530d3944267ed11a0cd5268a9292711944c80a5
SHA256: 2f5f9e2f38f97223d49ae4963dc784a85267bb28ab58608037fc2966044e382e
SHA512: 83c741b22d63292205353995643ebbe431b585f9bb8bf69562ab60afa15851260162c933bde436a4024f53eac8a9d0fda1a07f510078cb7fe0f2f24a8e1c6d87
SSDEEP: 1536:WhjHGD/AjWYonzgylm/KZ+bh9BKyBEoBsOa31P0hnTQPQlFr89OHpqp8DblJ79A5:rDo2ns/KZ+bhey1sOa31MhcPQ5C
Malware Config
Extracted
xworm
127.0.0.1:8848
Install_directory: %AppData%
install_file: SilverX.exe
Targets
Target: SilverX.exe
Detect Xworm Payload
Xworm family
Drops startup file
Adds Run key to start application