General

  • Target

    filegoescrazy.exe

  • Size

    54KB

  • Sample

    240224-ybztbsdd91

  • MD5

    31ef297bedf12af59e5122534a0ce354

  • SHA1

    908bb59543a230b4f6bf1aa09446aea83a94e77d

  • SHA256

    395c1c11ac0714bea3725ca0adbdb5640b0cb183f86042890430fabf95a092b4

  • SHA512

    b5ef0a2a039770c07395ec80551667a4db89956629dc211e17b7da1d07f1419861263bffcdb2169cad5a51973a9e656c2ca69932b91d5be0bdde4783d2adef02

  • SSDEEP

    1536:W2ihJLJKGnGknZH2kb+rvXJW76GOAK4i:W2M5H2kb+zoOAxi

Score
10/10

Targets

    • Target

      filegoescrazy.exe

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops startup file
