General

  • Target

    380388fcaff38d5d89c93393c3a16213.zip

  • Size

    933KB

  • Sample

    250121-t9ylpstjdx

  • MD5

    380388fcaff38d5d89c93393c3a16213

  • SHA1

    52a975c9352a613b33ca1a3551a045df2ceae16d

  • SHA256

    db6eb9175547a44fc6c466f35c75541ea8020852f027bbb55ddb876dd6c9f0fd

  • SHA512

    059a3c27ad2feda1b117dde32525894f024fbebd5f57e6298086b352ba080ceca7b1a26ade336e04c2d262f7042062252d4a5f342e0c3ad165202249d92a7770

  • SSDEEP

    24576:NG8L0wFpTSyF+vWMMDQS3Y4yZ6+2CaM8mqwJ6KfI:NGuSyn3nyZfBaiqwJ6z

Malware Config

Extracted

Family

xworm

Version

5.0

C2

87.120.116.179:1300

Mutex

k2ajRGAWWdwZwgsE

Attributes
  • install_file

    USB.exe

  • aes.plain

Targets

    • Target

      RV URGENTE!!, NOTIFICACIÓN AUTO ASUME CONOCIMIENTO ACCIÓN DE TUTELA 2024-00198.exe (Spanish lure filename, roughly: "RE: URGENT!!, NOTICE OF COURT ORDER TAKING UP PROTECTION ACTION (acción de tutela) 2024-00198")

    • Size

      2.1MB

    • MD5

      a2a55857c207bceda9c7f57f0e2d6d00

    • SHA1

      5c54ca5c8dc1a54accc1fe633dabb732d03b9aa9

    • SHA256

      c8fcdd95c7781ad4d31631ef2d32fd375b0c19f2f5e0b672213d47a5486d51af

    • SHA512

      6759adb8e309de8d28dc37f3d0028798e92f60477e5685f30ea66c10406dbcdf17410106b7cb0c22d5b1131cc4701cee69a5a759fd09fc889de2df65f940fc4a

    • SSDEEP

      24576:YhJLQReYepwifQggqPyIzmH5loQgYrQAiMfXQg9wgKy+1gd7Z4:HD8gqP9zmH5l0YBt+gnAA7O

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

    • Xworm family

    • Adds Run key to start application (persistence through a CurrentVersion\Run registry value; consistent with the install_file USB.exe in the extracted config)

    • Suspicious use of SetThreadContext (commonly used to redirect a suspended thread's entry point during process hollowing or similar injection)
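The extracted configuration (C2 87.120.116.179:1300, mutex k2ajRGAWWdwZwgsE, install file USB.exe) and the Run-key persistence signature above are enough to sweep endpoint telemetry for this build. The following is an added example, not part of the sandbox report: it matches those indicators against a few constructed telemetry records. The record format (`type key=value ...`), the rule names and the helper functions are assumptions; only the indicator values come from the report.

```python
"""IOC sweep for the XWorm 5.0 configuration extracted above.

Added example (not from the sandbox report). The telemetry format and
the rule names below are assumptions; the indicator values are copied
from the extracted config.
"""
import ntpath  # splits Windows paths correctly even when run on Linux

# Indicators copied from the extracted config above.
XWORM_CONFIG = {
    "c2_host": "87.120.116.179",
    "c2_port": 1300,
    "mutex": "k2ajRGAWWdwZwgsE",
    "install_file": "USB.exe",
}

# Constructed sample telemetry (NOT from the report). Record kinds:
#   netconn  outbound connection      (dst, dport, proc)
#   regset   registry value written   (key, name, value)
#   mutex    named mutex created      (name)
SAMPLE_TELEMETRY = """\
netconn host=WS01 dst=87.120.116.179 dport=1300 proc=USB.exe
netconn host=WS01 dst=142.250.74.68 dport=443 proc=chrome.exe
regset host=WS01 key=HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run name=USB value=C:\\Users\\victim\\AppData\\Roaming\\USB.exe
regset host=WS02 key=HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run name=OneDrive value=C:\\Users\\bob\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe
mutex host=WS01 name=k2ajRGAWWdwZwgsE
mutex host=WS02 name=Local\\MSCTF.Asm.MutexDefault1
netconn host=WS03 dst=87.120.116.179 dport=80 proc=svchost.exe
"""

RUN_KEY_SUFFIXES = ("\\currentversion\\run", "\\currentversion\\runonce")


def parse_record(line):
    """Split 'type k=v k=v ...' into (type, fields); None for blank lines."""
    tokens = line.split()
    if not tokens:
        return None
    fields = dict(tok.split("=", 1) for tok in tokens[1:] if "=" in tok)
    return tokens[0], fields


def match_record(rec_type, f, cfg=XWORM_CONFIG):
    """Return the name of the rule one record trips, or None."""
    if rec_type == "netconn" and f.get("dst") == cfg["c2_host"]:
        if f.get("dport") == str(cfg["c2_port"]):
            return "xworm_c2"
        # Same infrastructure on another port: weaker, but worth a look.
        return "xworm_c2_host_other_port"
    if rec_type == "regset":
        key = f.get("key", "").lower()
        exe = ntpath.basename(f.get("value", "")).lower()
        # USB.exe is a generic name, so only flag it as a Run-key payload.
        if key.endswith(RUN_KEY_SUFFIXES) and exe == cfg["install_file"].lower():
            return "xworm_run_key"
    if rec_type == "mutex" and f.get("name") == cfg["mutex"]:
        return "xworm_mutex"  # mutex names are case-sensitive; exact match
    return None


def sweep(telemetry, cfg=XWORM_CONFIG):
    """Return [(host, rule, raw_record)] for every record that matches."""
    hits = []
    for line in telemetry.splitlines():
        parsed = parse_record(line)
        if parsed is None:
            continue
        rec_type, fields = parsed
        rule = match_record(rec_type, fields, cfg)
        if rule:
            hits.append((fields.get("host", "?"), rule, line))
    return hits


def infected_hosts(telemetry, cfg=XWORM_CONFIG):
    """Sorted, de-duplicated list of hosts with at least one hit."""
    return sorted({host for host, _, _ in sweep(telemetry, cfg)})


if __name__ == "__main__":
    for host, rule, raw in sweep(SAMPLE_TELEMETRY):
        print(f"{host:5} {rule:26} {raw}")
    print("hosts to triage:", infected_hosts(SAMPLE_TELEMETRY))
```

The C2 address, port and mutex are per-build values, so exact matches on them are high-confidence for this sample but will miss other XWorm builds; the install file name USB.exe, by contrast, is generic, which is why the example only treats it as an indicator when it is the target of a CurrentVersion\Run value.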

MITRE ATT&CK Enterprise v15