Overview

overview

10

Static

static

10

janxwor39090.exe

windows7-x64

10

janxwor39090.exe

windows10-1703-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    janxwor39090.exe

  • Size

    35KB

  • Sample

    240212-x7hz1sbb5x

  • MD5

    d0ae55e5bf52296ac522d8d2acaeb933

  • SHA1

    bb15b9ebcfaefa5aff4eeed1899def45e3a7b21f

  • SHA256

    552cfe1d324eabb78511924dbbbf870fe10fe742d88a708f0012f47091ec04a6

  • SHA512

    3b66345dcd998bcfc67ca02be70224b6dfa63023548bfaa482a38b81d2bc551999867d14e3c7b9281e87c4c7433f685854768279128f1af07e675b8a3de640f5

  • SSDEEP

    384:wgg9j00WbqxAMTayV5N+5maFZZL3aHpJm3/KNm0ns0VgtFMAmNLToZw/RZCvK9IX:yB4QBTOl3aC3CNUVFQ92g7OMhUuvlE

Score
10/10
xwormrattrojan

Malware Config

Extracted

Family

xworm

Version

3.1

C2

janxworm9090.duckdns.org:9090

Mutex

Xa2HMWUMGteOPIQ2

Attributes
  • Install_directory

    %AppData%

  • install_file

    USB.exe

aes.plain

Targets

    • Target

      janxwor39090.exe

    • Size

      35KB

    • MD5

      d0ae55e5bf52296ac522d8d2acaeb933

    • SHA1

      bb15b9ebcfaefa5aff4eeed1899def45e3a7b21f

    • SHA256

      552cfe1d324eabb78511924dbbbf870fe10fe742d88a708f0012f47091ec04a6

    • SHA512

      3b66345dcd998bcfc67ca02be70224b6dfa63023548bfaa482a38b81d2bc551999867d14e3c7b9281e87c4c7433f685854768279128f1af07e675b8a3de640f5

    • SSDEEP

      384:wgg9j00WbqxAMTayV5N+5maFZZL3aHpJm3/KNm0ns0VgtFMAmNLToZw/RZCvK9IX:yB4QBTOl3aC3CNUVFQ92g7OMhUuvlE

    Score
    10/10
    xwormrattrojan

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

      trojanratxworm

    • Drops startup file

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks