Overview

overview

10

Static

static

1

1220.exe

windows7-x64

10

1220.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    1220.exe

  • Size

    287KB

  • Sample

    230327-f5z23sdh5t

  • MD5

    c9ca161c6fe1c897fe79456bced7385a

  • SHA1

    2ed335957b7ae95fcdb9b580b77069d02a7bdd55

  • SHA256

    d3560973cf6d7a1faea04ff7aaabc5fac5c8e2c7d5aacbd2fae8423f118ad1ba

  • SHA512

    9e03cf95d18e885bc49d3143e90a55a8547dae4f991d44103c35abb299a24b0c164409ab33069df94783f0bff769a19b58eb453231d3c53817840c44b424eaa2

  • SSDEEP

    3072:u+SRE3U354nnJDeWmlaiaozyBRIQQ2PIbBtelpGp6ClHtVWp4+f8MMMMMMMMMMQO:25MJ6zVtWIQQ2emI6ClHtVWpaV

Score
10/10
xwormrattrojan

Malware Config

Extracted

Family

xworm

C2

johnnew12.duckdns.org:7000

Mutex

NMFvSsFfSThofIzP

Attributes
  • install_file

    USB.exe

aes.plain

Targets

    • Target

      1220.exe

    • Size

      287KB

    • MD5

      c9ca161c6fe1c897fe79456bced7385a

    • SHA1

      2ed335957b7ae95fcdb9b580b77069d02a7bdd55

    • SHA256

      d3560973cf6d7a1faea04ff7aaabc5fac5c8e2c7d5aacbd2fae8423f118ad1ba

    • SHA512

      9e03cf95d18e885bc49d3143e90a55a8547dae4f991d44103c35abb299a24b0c164409ab33069df94783f0bff769a19b58eb453231d3c53817840c44b424eaa2

    • SSDEEP

      3072:u+SRE3U354nnJDeWmlaiaozyBRIQQ2PIbBtelpGp6ClHtVWp4+f8MMMMMMMMMMQO:25MJ6zVtWIQQ2emI6ClHtVWpaV

    Score
    10/10
    xwormrattrojan

    • Xworm

      Xworm is a remote access trojan written in C#.

      trojanratxworm

    • Executes dropped EXE

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks