General

  • Target

    c4067d965604f4f37a63f298b22cc4d0.exe

  • Size

    157KB

  • Sample

    230227-la7fkach56

  • MD5

    c4067d965604f4f37a63f298b22cc4d0

  • SHA1

    325b70cdf286d63934fe34f51dd6da3a8b672081

  • SHA256

    6f2e22d541680c151da164b02f916a3d72da0517b2f052f7356d05e8b374690b

  • SHA512

    dd7f7c06e2d28c84f901dbe1ee55963342ec60b08fac54e404185b70b0ef10090df797ca72e9adc42d3ba9ed32aa71f344e3f277529c92f43fc82603a5a8e12e

  • SSDEEP

    1536:tTP0/lt9ZWAUpysZbALBYoz6M9OvW/CdEB:tTs/lt9rUpysZbAL62OvzdEB

Malware Config

Targets

    • Target

      c4067d965604f4f37a63f298b22cc4d0.exe

    • Xworm

      Xworm is a remote access trojan written in C#.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops startup file

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks
