Overview

overview

10

Static

static

10

wave.executor.exe

windows7-x64

10

wave.executor.exe

windows10-2004-x64

Sharing

Copy URL
Twitter E-mail

General

  • Target

    wave.executor.exe

  • Size

    79KB

  • Sample

    250121-3dc5kawnbv

  • MD5

    810d912112f579781879ada392b70a53

  • SHA1

    247bc212d2d44184bae484049765240ac9fa5c32

  • SHA256

    aee4ca6b2f3b07e85920f81b32acc5350d198439b181e997cd6a8e3ecbe9c939

  • SHA512

    30fb6d77563a3a0d6b94a9ea9fc2f67c6dda3dc3ac2afd4e968ec998f2eabd1797d751fdac491a979e68301efc633c47fb2668a8abd0c5f0dcff6d12ed8ead0e

  • SSDEEP

    1536:N/SpZjwaZD0YqEnwqaDrMk+bXxNEPZSBVGGmMRZOf4miljMt8xwR2:CEYqEwjrv+bB8DMRZOf4m8M+a2

Score
10/10
xwormpersistencerattrojan

Malware Config

Extracted

Family

xworm

C2

daily-sexually.gl.at.ply.gg:25670

Attributes
  • Install_directory

    %AppData%

  • install_file

    Update.exe

Targets

    • Target

      wave.executor.exe

    • Size

      79KB

    • MD5

      810d912112f579781879ada392b70a53

    • SHA1

      247bc212d2d44184bae484049765240ac9fa5c32

    • SHA256

      aee4ca6b2f3b07e85920f81b32acc5350d198439b181e997cd6a8e3ecbe9c939

    • SHA512

      30fb6d77563a3a0d6b94a9ea9fc2f67c6dda3dc3ac2afd4e968ec998f2eabd1797d751fdac491a979e68301efc633c47fb2668a8abd0c5f0dcff6d12ed8ead0e

    • SSDEEP

      1536:N/SpZjwaZD0YqEnwqaDrMk+bXxNEPZSBVGGmMRZOf4miljMt8xwR2:CEYqEwjrv+bB8DMRZOf4m8M+a2

    Score
    10/10
    xwormrattrojanpersistence

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

      trojanratxworm

    • Xworm family

      xworm

    • Drops startup file

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.