General

  • Target

    Details of Project Marketing Plan.rar

  • Size

    21KB

  • Sample

    230421-m366yaha7s

  • MD5

    cde4def2f34af73a838927ddb8c9125a

  • SHA1

    edb65f03ab6f1961b5bd35ef827481590e61c001

  • SHA256

    ec58a22e01ef99de36fbe2a8d66a81c0b4acf7938e51a59c72c027cef04f314c

  • SHA512

    6f2e13a7b064e1514ec5f4867efabdf5dc85b76dd93258589e62dc8c9d5e75040bb61408d0612979de1429f263f90a2eb2b035b82e931868a8d447a4f5f99e16

  • SSDEEP

    384:uEhaVFU1pS+6d5hsgqkq9pqih36kcrc6FQYEwwjzoM5QoFTKt1fdti4WfwT4Yn1g:bQVFUKJhs6iht6anjsM5QoFTKtZdti48

Score
10/10

Targets

    • Target

      Details of Project Marketing Plan.lnk

    • Size

      283.4MB

    • MD5

      8dc27ba3775ecc1d2b98b8a6f0d5ce7b

    • SHA1

      37d5fcd4c70c06be6768122a7bd1dfd9e45e4cfe

    • SHA256

      6f6f882d4ec5de6025bf4cf8135aeee95b5fb1d3acb33a83fdac5cc995776bc0

    • SHA512

      521065e48bba639657f29525f6e008d53597da8536cb91f0f029a9b8aa7dcfd7bc8002700fad9fecc6eba32b06f2b19bbb86314e78a1ae1c047f6080bfca797f

    • SSDEEP

      1536:roFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFv:r

    Score
    10/10
    • Xworm

      Xworm is a remote access trojan written in C#.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Executes dropped EXE
