General

  • Target

    rat.exe

  • Size

    31KB

  • MD5

    6f7d5c324b8d0302c93fc126beeaf511

  • SHA1

    58c8190a385bf773094269c1a50e9b7a24840923

  • SHA256

    fa301b4dee19126aa462ff991295f9e537b987d1d860268fe11bcea71c0b7424

  • SHA512

    460c6c545913e21ceaa9f3fe4b2e170d06c5e49eba37bd29220b011b854afcb2eaf9f23739043b71f203e4db207df45362033c8d2a4cddf67d29c787993acc66

  • SSDEEP

    384:FWrVqCDweO/ace/VgFpLJPzwDs2ETIiqqR+gtFqBLTiZw/WNCvK9IkVuBCxOjhNw:lzT5EePqqZFr9RxOjhN/7v8

Score
10/10

Malware Config

Extracted

Family

xworm

Version

3.1

C2

6.tcp.eu.ngrok.io:4444

Mutex

kFkeJFfTsgsY5f87

Attributes
  • install_file

    USB.exe

aes.plain

Signatures

  • Detect Xworm Payload (1 IoC)
  • Xworm family
  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.

Files

  • rat.exe
    .exe windows x86

    Password: gotenks123A

    f34d5f2d4577ed6d9ceec516c1f5a744

