Overview

overview

10

Static

static

3

i4i5cWlPds5T4lU.exe

windows11-21h2-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    i4i5cWlPds5T4lU.exe

  • Size

    2.4MB

  • Sample

    250308-qr7vwaxxav

  • MD5

    6921656a8f1f24ab3b1a39c45b31ebc9

  • SHA1

    54f97880caab512cac55201162b37a5e9d7f4ae6

  • SHA256

    809e6e727c4ab324f36b55eebeaa3f0f77130c8bd2a0a11ec3c12e9e7a5345b8

  • SHA512

    e251cfb31ff5ba0c224d22ffc13bc1f98872a450ec9fd404e064d6bf123d4378f8719130613f90a9609780fc28210cc7e8e1c32b9ab36e4a0142d36f7f70390a

  • SSDEEP

    24576:d5/Jl2jvpMkjgWH7cFh3+Dg+Vj2G+92kNFycQZ1Pd/sZhnZaYxs12CG:67cP3+c+UN9H0lZ1tsXZje

Score
10/10
xwormdiscoverypersistencerattrojan

Malware Config

Extracted

Family

xworm

C2

MrN0name-63570.portmap.host:63570

Attributes
  • Install_directory

    %LocalAppData%

  • install_file

    svchost.exe

Targets

    • Target

      i4i5cWlPds5T4lU.exe

    • Size

      2.4MB

    • MD5

      6921656a8f1f24ab3b1a39c45b31ebc9

    • SHA1

      54f97880caab512cac55201162b37a5e9d7f4ae6

    • SHA256

      809e6e727c4ab324f36b55eebeaa3f0f77130c8bd2a0a11ec3c12e9e7a5345b8

    • SHA512

      e251cfb31ff5ba0c224d22ffc13bc1f98872a450ec9fd404e064d6bf123d4378f8719130613f90a9609780fc28210cc7e8e1c32b9ab36e4a0142d36f7f70390a

    • SSDEEP

      24576:d5/Jl2jvpMkjgWH7cFh3+Dg+Vj2G+92kNFycQZ1Pd/sZhnZaYxs12CG:67cP3+c+UN9H0lZ1tsXZje

    Score
    10/10
    xwormdiscoverypersistencerattrojan

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

      trojanratxworm

    • Xworm family

      xworm

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1

MITRE ATT&CK Enterprise v15

Tasks