General
-
Target
https://gofile.io/d/icZVjg
-
Sample
250518-vmbn4ahq4t
Static task
static1
URLScan task
urlscan1
Behavioral task
behavioral1
Sample
https://gofile.io/d/icZVjg
Resource
win11-20250502-en
25 signatures
150 seconds
Malware Config
Extracted
Family
xworm
Version
2.2
C2
gorngooner10-24984.portmap.io:24984
Mutex
nvP3MkanNMUmubw5
Attributes
-
install_file
USB.exe
aes.plain
Targets
-
-
Target
https://gofile.io/d/icZVjg
-
Detect Xworm Payload
-
Xworm family
-
Downloads MZ/PE file
-
Drops startup file
-
Executes dropped EXE
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-
Sets desktop wallpaper using registry
-
MITRE ATT&CK Enterprise v16
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Scheduled Task/Job
1Scheduled Task
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Scheduled Task/Job
1Scheduled Task
1Defense Evasion
Modify Registry
2Subvert Trust Controls
1SIP and Trust Provider Hijacking
1