General

  • Target: file.exe
  • Size: 744KB
  • Sample: 250415-tfx33stvay
  • MD5: df8fde109ecc254425dfbfc013818133
  • SHA1: 66f927b7a699556f70f36c5d54f0c650a0d54bf9
  • SHA256: 6c2fe5baef8298cadbe66247a32d87c3dddbbd3a5b5ea356383b8d6837fe437a
  • SHA512: 1d3cdcd2d92df4bb55ed3346fe79e8eab267ab83e2e824adf3966c76bc329218528ea710743208b80c90067d0ff8b92378629dacc9d5ce09ceacbeafaae811b1
  • SSDEEP: 12288:1qCPeZdxQgEd7MZlvVoYBBrPH2K7MiF73BE3TCvVGb+Gob:1qCGZdxQg6oTv+YBBr+K7MiVBEjCvVew

Malware Config

Extracted

  • Family: xworm
  • Attributes
      • install_file: MasonUSB.exe

Extracted

  • Family: latentbot
  • C2: cryptoghost.zapto.org

Targets

    • Detect Xworm Payload
    • LatentBot: Modular trojan written in Delphi which has been in the wild since 2013.
    • Latentbot family
    • Xworm: Xworm is a remote access trojan written in C#.
    • Xworm family
    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v16