Overview

overview

10

Static

static

3

Loader.vmp.exe

windows7-x64

10

Loader.vmp.exe

windows10-1703-x64

10

Loader.vmp.exe

windows10-2004-x64

10

Loader.vmp.exe

windows11-21h2-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Loader.vmp.exe

  • Size

    32.7MB

  • Sample

    231225-jb1y3acebl

  • MD5

    ae660c1cb492cd7c2bc81305255b6b64

  • SHA1

    f2a2c9d3c1ae69ce468c397ee5dbb9e4a50d5b15

  • SHA256

    ebbc4cce87889f1148eb39083401ffb26637d32ffddec0a52e2a53875504cf16

  • SHA512

    895f469ebb9e0202066586353f656a5c80479a351cbb4ff09ef39d089d873219f09ea2110f1a6e6b500d56b669fd4ee5989b3d2e3f599d94b049e182e8129191

  • SSDEEP

    786432:YVxPE9F/dZd6GUbojVGn0NXhwUj0Q7nAq4ZW/:SGD/B6GUboBG0NyNQ7h

Score
10/10
xwormrattrojan

Malware Config

Extracted

Family

xworm

C2

case-shield.gl.at.ply.gg:26501

Attributes
  • Install_directory

    %Userprofile%

  • install_file

    USB.exe

Targets

    • Target

      Loader.vmp.exe

    • Size

      32.7MB

    • MD5

      ae660c1cb492cd7c2bc81305255b6b64

    • SHA1

      f2a2c9d3c1ae69ce468c397ee5dbb9e4a50d5b15

    • SHA256

      ebbc4cce87889f1148eb39083401ffb26637d32ffddec0a52e2a53875504cf16

    • SHA512

      895f469ebb9e0202066586353f656a5c80479a351cbb4ff09ef39d089d873219f09ea2110f1a6e6b500d56b669fd4ee5989b3d2e3f599d94b049e182e8129191

    • SSDEEP

      786432:YVxPE9F/dZd6GUbojVGn0NXhwUj0Q7nAq4ZW/:SGD/B6GUboBG0NyNQ7h

    Score
    10/10
    xwormrattrojan

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

      trojanratxworm

    • Executes dropped EXE

    behavioral1behavioral2behavioral3behavioral4

MITRE ATT&CK Enterprise v15

Tasks