General

  • Target

    load(1).zip

  • Size

    170KB

  • Sample

    231012-t7mfnaea86

  • MD5

    79a29c83fa8079e2838d26fbe3e5bba3

  • SHA1

    78fc802698cbd378ff6c54c9d24f232839ce1191

  • SHA256

    83c1f56c350970e2778498a4794923165f21f89471dcac47c4b696602b7287f7

  • SHA512

    30088d15b479651bd676ca0dfa14d4ec9c3784ac9e02ba5c0e46f5119ff3911b1342ee75307d49d09e3a517f3802bc69f222b86f200d4cfd1a5d1dab0694ee7d

  • SSDEEP

    3072:hKjU0tlpy2VtFS588zlJyCwIwWtVeSK9lznqSG9cMVB7ZiogQnCE:hKjUontF688zaZWtV0jnqp5ZiogACE

Score
10/10

Malware Config

Extracted

Family

xworm

Version

3.1

C2

159.69.11.30:7000

Mutex

B9TuovWyb1qWEP8x

Attributes
  • install_file

    USB.exe

aes.plain

Targets

    • Target

      load.exe

    • Size

      295KB

    • MD5

      b9d18df723bd19f7b876f5327f2db7a0

    • SHA1

      d7c17d77c8eb9b1bba325dd7810a74e3b3d260c0

    • SHA256

      959069fecdbd4347ec53719f06a8aab2d58d2ad121129e7de595013d52a52aff

    • SHA512

      ffc434e1447dc3c64f01c3c8135b4346dd47a7b2bfba673e06da81600d0b1b3b969ca3b3d87fc1a236bf86716bf1d4761f16f97075c7e379e3674e3428bd7967

    • SSDEEP

      6144:bBpfLHAmppMQoqeek0OLR2XHtR0JEJjSQlIQL:bLAMK3qC0OLRwn0asQiq

    Score
    10/10
    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.
