General

  • Target

    docxw20230908.exe.2

  • Size

    400.0MB

  • Sample

    231013-3ss5bsfa81

  • MD5

    35057f07a32f74f8ba044659343f59ea

  • SHA1

    0bdc40820ee90b7471ec5241e6dacc4eb9514331

  • SHA256

    b17fd59db88521a35cbbc39eae8c46f9f9a14008f9bab8bfd00f7d3aa40ea7fe

  • SHA512

    7306fd401a1484084c6e4b667a2efc54551a8f7eae339ad75b24f58f2dfb4ba507cbe50015ba0241e7f6b99e25fb548c9b8c6f8b9714e6d0f5f2e815ea84d0f7

  • SSDEEP

    3072:E+BnTi90t/wqfMpCMAPs3UIGiszAVLCbilsjVJi1MaKKKKKKldjVKKKKVKbKKKKr:E+BnTiq2QM53NGNzeCb9jVJi1xelFY

Score
10/10

Malware Config

Extracted

Family

xworm

Version

3.1

C2

homesafe1000.duckdns.org:7000

Mutex

MbQZfUWuaRfd8jkh

Attributes
  • install_file

    USB.exe

  • aes.plain

Targets

    Score
    10/10
    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

    • Executes dropped EXE

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks