General

  • Target

    Seliware.zip

  • Size

    5.1MB

  • Sample

    250702-x5ybxsgj9z

  • MD5

    6c34ff0cbbf89ba4d024738f9c02d2d7

  • SHA1

    ad3b1dc665d47574e0bb609af318853900c0d58c

  • SHA256

    93b147eb9ab24c2a3db94b7d7b75013f569d60ee55c89ab362daa60205a54a2a

  • SHA512

    525125885a71592a9f820b99a9bdf3fbd9a920f4fd14e7206a6e06ff7280a801e9494fb054ca4c81878ee152e6c8cf1d44d9fc512b91ce2d9d23a38414788bba

  • SSDEEP

    98304:Y3Qp7BelX4mUoJK8p5PO+nlZFJd+dNCAcBqFRyBNj3PW4xHSR:YudM4VoJKyPOod+dEBWR2j3pHSR

Score
10/10

Malware Config

Extracted

Family

xworm

C2

educational-scores.gl.at.ply.gg:53465

Attributes
  • Install_directory

    %AppData%

  • install_file

    svchost.exe

  • telegram

    https://api.telegram.org/bot7747512039:AAE82CvJd42E5_bXF5pw1ilKYqA20mlvK44/sendMessage?chat_id=7476312671

Targets

    • Seliware.zip (size, hashes and score as listed under General)

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

    • Xworm family

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
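As an added example (not part of the sandbox report or of the XWorm code), the Python below turns the extracted configuration and the two behavioural signatures into hunting logic and runs it over a constructed set of Sysmon-style events. The C2 host, port, install file and Telegram URL are copied from the report; the event schema, the sample events, the list of IP-lookup services and the list of user-writable directories are assumptions made for the example. The C2 is a ply.gg tunnel hostname, so its resolved address is not a stable indicator; the code matches on hostname and port instead.

```python
"""Hunt for the XWorm indicators from this report in host telemetry.

Added example; the config values are copied from the report, everything
else (event schema, sample events, host and directory lists) is constructed.
"""
import re
from urllib.parse import parse_qs, urlsplit

# Values from the "Malware Config" section of the report.
C2_HOST = "educational-scores.gl.at.ply.gg"   # tunnel hostname: IP may change, match host+port
C2_PORT = 53465
INSTALL_FILE = "svchost.exe"                  # dropped to %AppData%, not System32
TELEGRAM_URL = ("https://api.telegram.org/bot7747512039:"
                "AAE82CvJd42E5_bXF5pw1ilKYqA20mlvK44/sendMessage?chat_id=7476312671")

# Where a genuine svchost.exe lives on Windows.
LEGIT_SVCHOST_DIRS = ("\\windows\\system32\\", "\\windows\\syswow64\\")
# User-writable locations a dropper typically uses (constructed list).
USER_WRITABLE_DIRS = ("\\appdata\\", "\\temp\\", "\\programdata\\")
# Public IP-lookup services (constructed list; extend from your own telemetry).
IP_LOOKUP_HOSTS = {"api.ipify.org", "ip-api.com", "checkip.amazonaws.com",
                   "icanhazip.com", "ifconfig.me", "ipinfo.io"}


def parse_telegram_bot_url(url):
    """Split a Bot API URL into bot id, full token, method and chat_id.

    Returns None if the URL is not an api.telegram.org bot endpoint.
    """
    parts = urlsplit(url)
    m = re.fullmatch(r"/bot(\d+):([A-Za-z0-9_-]+)/(\w+)", parts.path)
    if parts.hostname != "api.telegram.org" or not m:
        return None
    chat_id = parse_qs(parts.query).get("chat_id", [None])[0]
    return {"bot_id": m.group(1), "token": f"{m.group(1)}:{m.group(2)}",
            "method": m.group(3), "chat_id": chat_id}


EXFIL = parse_telegram_bot_url(TELEGRAM_URL)


def _norm(path):
    return path.lower().replace("/", "\\")


def is_masquerading_svchost(image_path):
    """True for svchost.exe anywhere other than System32/SysWOW64."""
    p = _norm(image_path)
    return p.endswith("\\" + INSTALL_FILE) and not any(d in p for d in LEGIT_SVCHOST_DIRS)


def in_user_writable_dir(image_path):
    return any(d in _norm(image_path) for d in USER_WRITABLE_DIRS)


def classify_event(ev):
    """Return the indicator tags one constructed Sysmon-style event triggers."""
    hits = []
    if ev["type"] == "process_create" and is_masquerading_svchost(ev["image"]):
        hits.append("xworm_install_file")
    elif ev["type"] == "network_connect":
        if ev.get("dest_host") == C2_HOST and ev.get("dest_port") == C2_PORT:
            hits.append("xworm_c2")
        # "Looks up external IP address via web service": suspicious when the
        # client is not a browser but a binary running from a user-writable path.
        if ev.get("dest_host") in IP_LOOKUP_HOSTS and in_user_writable_dir(ev["image"]):
            hits.append("external_ip_lookup")
        if ev.get("dest_host") == "api.telegram.org" and ev.get("url"):
            info = parse_telegram_bot_url(ev["url"])
            if info and info["token"] == EXFIL["token"]:
                hits.append("xworm_telegram_exfil")
    return hits


def hunt(events):
    """Map pid -> sorted indicator tags, for every pid with at least one hit."""
    findings = {}
    for ev in events:
        for tag in classify_event(ev):
            findings.setdefault(ev["pid"], set()).add(tag)
    return {pid: sorted(tags) for pid, tags in findings.items()}


# Constructed telemetry: one real svchost, one dropped copy doing the full chain,
# and a browser hitting an IP-lookup site (must not be flagged).
DROPPED = r"C:\Users\victim\AppData\Roaming\svchost.exe"
SAMPLE_EVENTS = [
    {"type": "process_create", "pid": 880, "image": r"C:\Windows\System32\svchost.exe"},
    {"type": "process_create", "pid": 4412, "image": DROPPED},
    {"type": "network_connect", "pid": 4412, "image": DROPPED,
     "dest_host": "api.ipify.org", "dest_port": 443},
    {"type": "network_connect", "pid": 4412, "image": DROPPED,
     "dest_host": C2_HOST, "dest_port": C2_PORT},
    {"type": "network_connect", "pid": 4412, "image": DROPPED,
     "dest_host": "api.telegram.org", "dest_port": 443, "url": TELEGRAM_URL},
    {"type": "network_connect", "pid": 2200, "image": r"C:\Program Files\Mozilla Firefox\firefox.exe",
     "dest_host": "api.ipify.org", "dest_port": 443},
]

if __name__ == "__main__":
    for pid, tags in hunt(SAMPLE_EVENTS).items():
        print(pid, ", ".join(tags))
```

Matching the Telegram channel on the full bot token (not just the hostname) keeps the rule specific to this sample; the bot id alone is enough to block or report the bot with Telegram. The IP-lookup check is deliberately gated on the client image running from a user-writable path, since browsers and legitimate updaters hit the same services.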
