Overview

overview

10

Static

static

3

2025-01-23...er.exe

windows7-x64

10

2025-01-23...er.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2025-01-23_d3996214f88197fb442ae1f7da0f97a1_avoslocker_luca-stealer

  • Size

    2.7MB

  • Sample

    250123-f6p89svkdy

  • MD5

    d3996214f88197fb442ae1f7da0f97a1

  • SHA1

    763fdb9bf1ae9cba005c615daa37e296b532af38

  • SHA256

    1f9a3add3893270c1528481e9f4495b3730fa200bfca5664cc443ab2844851cd

  • SHA512

    3ae89356f4a4309ef2b4ae7fa8dca58e37d5f274bfd7d1af97d2eeecf069d9b8d003dac14512868c04f830ddfaa0683598cc0b27455fe4349b3b7e5e7a0a3cf6

  • SSDEEP

    49152:HKKe1YeEAYOW1+M5A8PYxNv9BRvQT+svqiaiv:qKsW1+M5NPYLv93vYv

Score
10/10
xwormdiscoverypersistencerattrojan

Malware Config

Extracted

Family

xworm

Version

5.0

C2

85.31.47.24:1888

Mutex

TexoB6dLilC3DNR6

Attributes
  • install_file

    USB.exe

aes.plain

Targets

    • Target

      2025-01-23_d3996214f88197fb442ae1f7da0f97a1_avoslocker_luca-stealer

    • Size

      2.7MB

    • MD5

      d3996214f88197fb442ae1f7da0f97a1

    • SHA1

      763fdb9bf1ae9cba005c615daa37e296b532af38

    • SHA256

      1f9a3add3893270c1528481e9f4495b3730fa200bfca5664cc443ab2844851cd

    • SHA512

      3ae89356f4a4309ef2b4ae7fa8dca58e37d5f274bfd7d1af97d2eeecf069d9b8d003dac14512868c04f830ddfaa0683598cc0b27455fe4349b3b7e5e7a0a3cf6

    • SSDEEP

      49152:HKKe1YeEAYOW1+M5A8PYxNv9BRvQT+svqiaiv:qKsW1+M5NPYLv93vYv

    Score
    10/10
    xwormdiscoverypersistencerattrojan

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

      trojanratxworm

    • Xworm family

      xworm

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks