General

  • Target

    Output.exe

  • Size

    85KB

  • Sample

    250121-wdhayswkgr

  • MD5

    3d87d953dfaeba0d03b7e121f7dc61c0

  • SHA1

    022b9c554d1b4eaa4bfa2a37f83b8d6bf1e50138

  • SHA256

    e3aa28ea62f9c5bd93e5b0375617d3403500093759edef26ef0630457fa0cf6c

  • SHA512

    866114ca2324d1caf746c7068ace685e775519f6df417a35b8ed7ca776f2162bde609bac256dae46e4cc72e9ac200cf5c0df502d19ffd28929ca90b1d6d95a88

  • SSDEEP

    1536:Rv+mKGsH/BSvsSWU8bzZcAsxfs3CrYAAWhOu5KNWXxUMMjdeGtrfpk19Jz8AQehy:5vkzuAsxJY6hX5PyMabNpk19JY4q7

Malware Config

Extracted

  • Family

    xworm

  • C2

    perfect-ringtones.gl.at.ply.gg:15597

Attributes

  • Install_directory

    %AppData%

  • install_file

    USB.exe

Targets

    • Target

      Output.exe

    • Size

      85KB

    • MD5

      3d87d953dfaeba0d03b7e121f7dc61c0

    • SHA1

      022b9c554d1b4eaa4bfa2a37f83b8d6bf1e50138

    • SHA256

      e3aa28ea62f9c5bd93e5b0375617d3403500093759edef26ef0630457fa0cf6c

    • SHA512

      866114ca2324d1caf746c7068ace685e775519f6df417a35b8ed7ca776f2162bde609bac256dae46e4cc72e9ac200cf5c0df502d19ffd28929ca90b1d6d95a88

    • SSDEEP

      1536:Rv+mKGsH/BSvsSWU8bzZcAsxfs3CrYAAWhOu5KNWXxUMMjdeGtrfpk19Jz8AQehy:5vkzuAsxJY6hX5PyMabNpk19JY4q7

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

    • Xworm family

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Executes dropped EXE

    • Adds Run key to start application

    • Sets desktop wallpaper using registry

MITRE ATT&CK Enterprise v15

Tasks