Overview

overview

10

Static

static

10

xnLQfmYu7SYa.exe

windows7-x64

10

xnLQfmYu7SYa.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    xnLQfmYu7SYa.exe

  • Size

    30KB

  • Sample

    240128-3b1g3scfa6

  • MD5

    3b6d0af38f1db77037b69a8546332110

  • SHA1

    e8f9c1298fdf546f06a00942e72d1fdb8fed2d3f

  • SHA256

    395bc9b22f40aae715b4a82839da2e9ac0715d2c644eccb2885a2332789ca4db

  • SHA512

    6ff679504c94a1afe65614bf1f5c91c0c9d44904372de316aceca2eecd53c1b901d83e22ff40fd54f4904481d7062c8ba08ddd73b3cd98f90c50308a8d237ef1

  • SSDEEP

    384:r7wTA+5OfPgEBQqWvfcQLZe3s80hYACSqRN9PD42uRugtFuBLTIOZw/WVnvn9Ik5:rrgECfLH8MYAoRN9M2uBFE9RWOqhXbS

Score
10/10
xwormrattrojan

Malware Config

Extracted

Family

xworm

Version

3.1

C2

0.tcp.sa.ngrok.io:10858

Mutex

ALIMtWPMN9iJMG47

Attributes
  • install_file

    USB.exe

aes.plain

Targets

    • Target

      xnLQfmYu7SYa.exe

    • Size

      30KB

    • MD5

      3b6d0af38f1db77037b69a8546332110

    • SHA1

      e8f9c1298fdf546f06a00942e72d1fdb8fed2d3f

    • SHA256

      395bc9b22f40aae715b4a82839da2e9ac0715d2c644eccb2885a2332789ca4db

    • SHA512

      6ff679504c94a1afe65614bf1f5c91c0c9d44904372de316aceca2eecd53c1b901d83e22ff40fd54f4904481d7062c8ba08ddd73b3cd98f90c50308a8d237ef1

    • SSDEEP

      384:r7wTA+5OfPgEBQqWvfcQLZe3s80hYACSqRN9PD42uRugtFuBLTIOZw/WVnvn9Ik5:rrgECfLH8MYAoRN9M2uBFE9RWOqhXbS

    Score
    10/10
    xwormrattrojan

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

      trojanratxworm

    • Legitimate hosting services abused for malware hosting/C2

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks