Overview

overview

10

Static

static

10

gmail.exe

windows7-x64

10

gmail.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    gmail.exe

  • Size

    34KB

  • Sample

    250125-y92etayqcv

  • MD5

    fd86951c009521532a151f600e66ee30

  • SHA1

    884821a5866582c2d58df4dbdce520af290d433e

  • SHA256

    a9b576e09fbdf6ed93d8214e536c8ff855b324f4110c1c3337b7f0c43d1010a4

  • SHA512

    85bef4bf4f28a39a3bf96e1e59af29eba8a0ad5d28de8ab855c0419a4d5c9a32a6ed9e78d96f8ff75a117d36e86d560cbc2213fef3f5346b9ca2bc82b4c4e214

  • SSDEEP

    384:MNNqxPqTdQl2/rz3N+5s92agyLCOy4d+1F8xkrfkRtpkFXBLTWZwoJOcvw9Ibui3:iO2IJWCOyu+pYOFh9YpOjhP/6n

Score
10/10
xwormpersistencerattrojan

Malware Config

Extracted

Family

xworm

Version

5.0

Mutex

SHgxyzvK1VA9Dztg

Attributes
  • Install_directory

    %Userprofile%

  • install_file

    MicrosoftUpdate.exe

  • pastebin_url

    https://pastebin.com/ccTQUYyU

aes.plain

Targets

    • Target

      gmail.exe

    • Size

      34KB

    • MD5

      fd86951c009521532a151f600e66ee30

    • SHA1

      884821a5866582c2d58df4dbdce520af290d433e

    • SHA256

      a9b576e09fbdf6ed93d8214e536c8ff855b324f4110c1c3337b7f0c43d1010a4

    • SHA512

      85bef4bf4f28a39a3bf96e1e59af29eba8a0ad5d28de8ab855c0419a4d5c9a32a6ed9e78d96f8ff75a117d36e86d560cbc2213fef3f5346b9ca2bc82b4c4e214

    • SSDEEP

      384:MNNqxPqTdQl2/rz3N+5s92agyLCOy4d+1F8xkrfkRtpkFXBLTWZwoJOcvw9Ibui3:iO2IJWCOyu+pYOFh9YpOjhP/6n

    Score
    10/10
    xwormpersistencerattrojan

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

      trojanratxworm

    • Xworm family

      xworm

    • Drops startup file

    • Adds Run key to start application

      persistence

    • Legitimate hosting services abused for malware hosting/C2

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks