Overview

overview

10

Static

static

3

IMPUTACIÓ...85.exe

windows7-x64

10

IMPUTACIÓ...85.exe

windows10-2004-x64

10

IMPUTACIÓ...03.exe

windows7-x64

10

IMPUTACIÓ...03.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    b84b6568ba47a81bbd3ac90e9d704872.zip

  • Size

    2.3MB

  • Sample

    250123-ct5lmsymbk

  • MD5

    b84b6568ba47a81bbd3ac90e9d704872

  • SHA1

    5fcb2b51e1d9692a41f5ffa5c45dfcab78ea8d17

  • SHA256

    6fbf5136f3e1f1a0716e50d00cec8b2aaf861aa75af9dc05e6184101a9a34e1c

  • SHA512

    4228f129bd3ba5454749b2599fa476ee1906737a7bfbd186cadb04c2d4f8943199fd3c7c2578594b77f9642ceb85cc2121a58a58d85a8f53e3799a2cdfb102e9

  • SSDEEP

    49152:iw/dwcU5+b7lwTl12oYdpKzqVTL7ClwAGicMMqjPvk1K6n0gTdt2PBJr8F90uY4S:dScUwb7+p1N8pKGh+lPQH+kKS25+90us

Score
10/10
xwormdiscoverypersistencerattrojan

Malware Config

Extracted

Family

xworm

Version

5.0

C2

87.120.116.179:1300

Mutex

3pcjWcNyT1CBwXjJ

Attributes
  • install_file

    USB.exe

aes.plain

Targets

    • Target

      IMPUTACIÓN JUDICIAL RAD. N° 0934485.exe

    • Size

      2.7MB

    • MD5

      9f237628fe8f748f36bd7ea029a8f8a3

    • SHA1

      f22b7ba378294b663e399638ea8e3774ec26e67d

    • SHA256

      273578237f003f666f7108d12a49f1f3bd60b0ec9b9da73bfc2b3eafda1fa767

    • SHA512

      193aeb2b939165d04563af8e7e98941f1052e156205ae0f69d146e710149fd38c53843758d736a93d0fa0e85eb6e25689f5be61221f03df5116a3a386ce2b007

    • SSDEEP

      49152:FKKe1YeEAYOW1+M5A8Qhkv2suhbV8h2gwW+svqiaFh:QKsW1+M5NQhHhbV8Qvh

    Score
    10/10
    xwormdiscoverypersistencerattrojan

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

      trojanratxworm

    • Xworm family

      xworm

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

    • Target

      IMPUTACIÓN JUDICIAL RAD. N° 0934485/3004_603.exe

    • Size

      2.7MB

    • MD5

      9f237628fe8f748f36bd7ea029a8f8a3

    • SHA1

      f22b7ba378294b663e399638ea8e3774ec26e67d

    • SHA256

      273578237f003f666f7108d12a49f1f3bd60b0ec9b9da73bfc2b3eafda1fa767

    • SHA512

      193aeb2b939165d04563af8e7e98941f1052e156205ae0f69d146e710149fd38c53843758d736a93d0fa0e85eb6e25689f5be61221f03df5116a3a386ce2b007

    • SSDEEP

      49152:FKKe1YeEAYOW1+M5A8Qhkv2suhbV8h2gwW+svqiaFh:QKsW1+M5NQhHhbV8Qvh

    Score
    10/10
    xwormdiscoverypersistencerattrojan

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

      trojanratxworm

    • Xworm family

      xworm

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral3behavioral4

MITRE ATT&CK Enterprise v15

Tasks