General
-
Target
9e6aef22dddfad9f4f3e2b478c59e5091233270da722712011011df2b6cf2ac0.exe
-
Size
286KB
-
Sample
250308-n4hqeawxhs
-
MD5
4ca928ae23fcfa668b951b98f847a10c
-
SHA1
2390606cab60a13706644016b7a6e5498277b14b
-
SHA256
9e6aef22dddfad9f4f3e2b478c59e5091233270da722712011011df2b6cf2ac0
-
SHA512
ce90304762bdcd23b7a7dbc1404a197b2cf267e1399240a91f8c7689efc9e188e20b2e565a1062bb8fd1827a377abaeec4d84992e2b35859bf49537ee763596c
-
SSDEEP
6144:t/Juw3FOBVEqLsGIfkSKM6riUCxaKP6aAON2kQxQxQMMJzCWOG8iZr:t/8w3FCEqI9kSKMmSagPJlx2vJWjGXZr
Malware Config
Targets
-
-
Target
9e6aef22dddfad9f4f3e2b478c59e5091233270da722712011011df2b6cf2ac0.exe
-
Size
286KB
-
MD5
4ca928ae23fcfa668b951b98f847a10c
-
SHA1
2390606cab60a13706644016b7a6e5498277b14b
-
SHA256
9e6aef22dddfad9f4f3e2b478c59e5091233270da722712011011df2b6cf2ac0
-
SHA512
ce90304762bdcd23b7a7dbc1404a197b2cf267e1399240a91f8c7689efc9e188e20b2e565a1062bb8fd1827a377abaeec4d84992e2b35859bf49537ee763596c
-
SSDEEP
6144:t/Juw3FOBVEqLsGIfkSKM6riUCxaKP6aAON2kQxQxQMMJzCWOG8iZr:t/8w3FCEqI9kSKMmSagPJlx2vJWjGXZr
Score10/10-
Detect Xworm Payload
-
Xworm
Xworm is a remote access trojan written in C#.
-
Xworm family
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Scheduled Task/Job
1Scheduled Task
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Scheduled Task/Job
1Scheduled Task
1