General

  • Target

    Output.exe

  • Size

    1000KB

  • Sample

    250123-msyrtayjgr

  • MD5

    1eb331980c382323b15b2b3ff57a2a42

  • SHA1

    c0252956194de18835ba962fb632f8684a6ba5bb

  • SHA256

    cbe5d8a26aff6afeef7f29f5488c28b7a7889b863247eabc8b8aea0cdb9795fe

  • SHA512

    c878567ecf82d8e2024ef62a7e4c91a59fd6819e18a02375db5f4e4884261e07a750a62c536098a30c95e4820af976d1fe36fec82db42902bb2f8cf07f72238e

  • SSDEEP

    24576:TKUejpAyoSpAS1cVcfQ04EyV8WpzhjmPcVm8nH3+h:uUW5qScOfWBV8Wp2I5X

Malware Config

Extracted

Family

xworm

C2

127.0.0.1:24707

modified-begun.gl.at.ply.gg:24707

Attributes

  • Install_directory

    %AppData%

  • install_file

    USB.exe

Targets

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

    • Xworm family

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Drops startup file

    • Executes dropped EXE

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks