General

  • Target

    33907bb0d8268011e6cfb1c3b06ad849d84efffd9dfb53ce3adda9933abe4472.exe.zip

  • Size

    42KB

  • Sample

    231031-q63vgagf8x

  • MD5

    ed98569f8fd53fb5b332815261db459c

  • SHA1

    a0760d264b5718aa265b1b362e20658e42af6f92

  • SHA256

    a0ada086569574fa1684abe86b87547600ed683b095ed59bd827e89749b93af3

  • SHA512

    74453bb47dbbdf38edbf42a326d8d1867c57551d0cb03f088f4ec7ff1312e3136b3612e31a59618d27a24537093cea14104c6f97c1b41304e54afe607fdae628

  • SSDEEP

    768:/pzhKBZfqw7A3ge6nzzxA7vVamUUVA2jdJghgI1bS/7M82M/06vSN+j4C:/pz4BZfq4gqnzziLAUbdJIgI1b8ibHNS

Score
10/10

Malware Config

Extracted

Family

xworm

C2

194.ip.ply.gg:58713

Mutex

tRgdVZ5X7D1u4VgL

Attributes
  • install_file

    USB.exe

aes.plain

Targets

    • Target

      33907bb0d8268011e6cfb1c3b06ad849d84efffd9dfb53ce3adda9933abe4472.exe

    • Size

      98KB

    • MD5

      445ad015cfea0fd3c111cd6536341bf5

    • SHA1

      b4b9f4f6c65436f55fafcbcf52ebf02a676a1b9d

    • SHA256

      33907bb0d8268011e6cfb1c3b06ad849d84efffd9dfb53ce3adda9933abe4472

    • SHA512

      7b9b90e862f03f8745fd16749dea7e60c92e35c9d4af050bb956cb0b51a6dd65cb49296a5bdd86b8eb04b6a07cb33fa34556a259672592daf632ceca4c46cc37

    • SSDEEP

      1536:K9imNPnMKTCUbq4jTTa/2w8wiV7TXxfQtnUiApKq:KoMM8CeqNcVPXxYtnSJ

    Score
    10/10
    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

    • Drops startup file
