Overview

overview

10

Static

static

1

download.html

windows11-21h2-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    download

  • Size

    2KB

  • Sample

    250123-12n6maxmcr

  • MD5

    8c07f2e4c587ddb33c32e034fe17149c

  • SHA1

    18e31d80138535b44b5715e75e52efb08ecb136f

  • SHA256

    de9aa87bc82a074d5c5df9bea385442e878b2ecdfbb0c47c864fb19756a6f4e6

  • SHA512

    320bee58ed20a737c34d03aee9c875efdfa7877c26e9da0daeec092721b0bc52406c08ebe308becc3534a75da869d9b0839cf93bb1aac8f698a0851ee0e774ba

Score
10/10
xwormdiscoverypersistencerattrojan

Malware Config

Extracted

Family

xworm

Version

5.0

C2

87.120.116.179:1300

Mutex

k2ajRGAWWdwZwgsE

Attributes
  • install_file

    USB.exe

aes.plain

Targets

    • Target

      download

    • Size

      2KB

    • MD5

      8c07f2e4c587ddb33c32e034fe17149c

    • SHA1

      18e31d80138535b44b5715e75e52efb08ecb136f

    • SHA256

      de9aa87bc82a074d5c5df9bea385442e878b2ecdfbb0c47c864fb19756a6f4e6

    • SHA512

      320bee58ed20a737c34d03aee9c875efdfa7877c26e9da0daeec092721b0bc52406c08ebe308becc3534a75da869d9b0839cf93bb1aac8f698a0851ee0e774ba

    Score
    10/10
    xwormdiscoverypersistencerattrojan

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

      trojanratxworm

    • Xworm family

      xworm

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1

MITRE ATT&CK Enterprise v15

Tasks