Overview

overview

10

Static

static

10

c4067d9656...d0.exe

windows7-x64

10

c4067d9656...d0.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    c4067d965604f4f37a63f298b22cc4d0.exe

  • Size

    157KB

  • Sample

    230227-la7fkach56

  • MD5

    c4067d965604f4f37a63f298b22cc4d0

  • SHA1

    325b70cdf286d63934fe34f51dd6da3a8b672081

  • SHA256

    6f2e22d541680c151da164b02f916a3d72da0517b2f052f7356d05e8b374690b

  • SHA512

    dd7f7c06e2d28c84f901dbe1ee55963342ec60b08fac54e404185b70b0ef10090df797ca72e9adc42d3ba9ed32aa71f344e3f277529c92f43fc82603a5a8e12e

  • SSDEEP

    1536:tTP0/lt9ZWAUpysZbALBYoz6M9OvW/CdEB:tTs/lt9rUpysZbAL62OvzdEB

Score
10/10
xwormpersistencerattrojan

Malware Config

Targets

    • Target

      c4067d965604f4f37a63f298b22cc4d0.exe

    • Size

      157KB

    • MD5

      c4067d965604f4f37a63f298b22cc4d0

    • SHA1

      325b70cdf286d63934fe34f51dd6da3a8b672081

    • SHA256

      6f2e22d541680c151da164b02f916a3d72da0517b2f052f7356d05e8b374690b

    • SHA512

      dd7f7c06e2d28c84f901dbe1ee55963342ec60b08fac54e404185b70b0ef10090df797ca72e9adc42d3ba9ed32aa71f344e3f277529c92f43fc82603a5a8e12e

    • SSDEEP

      1536:tTP0/lt9ZWAUpysZbALBYoz6M9OvW/CdEB:tTs/lt9rUpysZbAL62OvzdEB

    Score
    10/10
    xwormpersistencerattrojan

    • Xworm

      Xworm is a remote access trojan written in C#.

      trojanratxworm

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Executes dropped EXE

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks