General

  • Target

    inector.exe

  • Size

    3.5MB

  • Sample

    240225-fc5rvsce3t

  • MD5

    683ee2bcce033399ae4c454930480ff5

  • SHA1

    d1a7faf1a4d588167e68e42f4bda34b603977fce

  • SHA256

    93121a3d21caa5ba8d96be1ecaa50bfdff617f1bc7584d2f429b1ef924b09dcd

  • SHA512

    4cb065282d60a8abf5d1be779113fae88e27c2e619ae26b797a221bc117cbce7d7f55d270cb778b97de72b67602f99f28f194ac02c47701110aca7adaa9ad49d

  • SSDEEP

    98304:Cmh0/gvY+Y6ix4HxJA79QqksfsJNGrsKZ0rz/1g:C2w+9ix4kvSqOm

Score
10/10

Malware Config

Extracted

Family

xworm

Version

5.0

C2

properties-reasonable.gl.at.ply.gg:55832

Mutex

kot6q2EiakZxmsjW

Attributes
  • install_file

    USB.exe

aes.plain

Targets

    • Target

      inector.exe
    Score
    10/10
    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

    • Checks computer location settings

      Reads the country code configured in the registry, most likely to geofence execution.

    • Executes dropped EXE

    • Loads dropped DLL

    • Looks up external IP address via web service

      Queries a legitimate IP-lookup web service to learn the infected system's external IP address.
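As an added example, not part of the sandbox report, the indicators from the extracted config (C2, mutex, install_file) and the file hashes above are turned into a small matcher and run over constructed key=value telemetry lines. Everything in SAMPLE_LOG, the log schema itself and the 203.0.113.x addresses are invented for illustration and must be mapped to your own EDR or Sysmon fields before use. One caveat worth building in: the C2 hostname sits under at.ply.gg, the hostname space of the playit.gg tunnelling service, so whatever IP it resolves to is not a stable indicator; match on the hostname, the mutex and the hash, and treat the port on its own as low confidence.

```python
"""IOC matcher for the XWorm 5.0 configuration extracted above.

Added example, not part of the sandbox report. The log format and every
event in SAMPLE_LOG are constructed; map the field names to your own
EDR/Sysmon schema before use.
"""
import hashlib
import ntpath
from collections import defaultdict

# Values copied from the report's Malware Config and hash fields.
XWORM_IOCS = {
    "c2_host": "properties-reasonable.gl.at.ply.gg",
    "c2_port": 55832,
    "mutex": "kot6q2EiakZxmsjW",
    "install_file": "USB.exe",
    "sha256": "93121a3d21caa5ba8d96be1ecaa50bfdff617f1bc7584d2f429b1ef924b09dcd",
}

# Constructed telemetry, one key=value event per line (not from any real
# host). 203.0.113.x are documentation addresses standing in for whatever
# the tunnel hostname resolves to at the time.
SAMPLE_LOG = """\
ts=1 event=process_create pid=3000 image=C:\\Users\\a\\Downloads\\inector.exe sha256=93121a3d21caa5ba8d96be1ecaa50bfdff617f1bc7584d2f429b1ef924b09dcd
ts=2 event=file_create pid=3000 image=C:\\Users\\a\\Downloads\\inector.exe path=C:\\Users\\a\\AppData\\Roaming\\USB.exe
ts=3 event=mutex pid=4120 name=kot6q2EiakZxmsjW
ts=4 event=dns pid=4120 query=properties-reasonable.gl.at.ply.gg
ts=5 event=net_connect pid=4120 dst=203.0.113.10 dport=55832
ts=6 event=net_connect pid=800 dst=203.0.113.99 dport=55832
ts=7 event=dns pid=800 query=www.example.com
"""


def parse_line(line):
    """Split one 'k=v k=v ...' line into a dict (values may not contain spaces)."""
    fields = {}
    for token in line.split():
        key, sep, value = token.partition("=")
        if sep:
            fields[key] = value
    return fields


def match_event(ev, iocs=XWORM_IOCS):
    """Return (rule, confidence) hits for one parsed event."""
    hits = []
    kind = ev.get("event")
    if kind == "dns" and ev.get("query", "").lower() == iocs["c2_host"]:
        hits.append(("xworm_c2_dns", "high"))
    if kind == "net_connect" and ev.get("dport") == str(iocs["c2_port"]):
        # Port alone is weak evidence: tunnel ports are assigned per tunnel
        # and reused by unrelated services, so never alert on this by itself.
        hits.append(("xworm_c2_port", "low"))
    if kind == "mutex" and ev.get("name") == iocs["mutex"]:
        hits.append(("xworm_mutex", "high"))
    if kind == "file_create":
        dropped = ntpath.basename(ev.get("path", "")).lower()
        if dropped == iocs["install_file"].lower():
            hits.append(("xworm_install_file", "medium"))
    if ev.get("sha256", "").lower() == iocs["sha256"]:
        hits.append(("xworm_sample_sha256", "high"))
    return hits


def scan(log_text, iocs=XWORM_IOCS):
    """Scan key=value log lines; return {pid: [(rule, confidence), ...]}."""
    per_pid = defaultdict(list)
    for line in log_text.splitlines():
        ev = parse_line(line)
        for hit in match_event(ev, iocs):
            per_pid[ev.get("pid", "?")].append(hit)
    return dict(per_pid)


def verdict(per_pid):
    """Flag a pid on one high-confidence hit or on two or more hits of any
    confidence; a lone low-confidence port match never fires."""
    flagged = {}
    for pid, hits in per_pid.items():
        if any(conf == "high" for _, conf in hits) or len(hits) >= 2:
            flagged[pid] = sorted(rule for rule, _ in hits)
    return flagged


def file_hashes(data):
    """Digests in the order the report lists them, to check a sample on disk."""
    return {name: hashlib.new(name, data).hexdigest()
            for name in ("md5", "sha1", "sha256", "sha512")}


if __name__ == "__main__":
    for pid, rules in verdict(scan(SAMPLE_LOG)).items():
        print(f"pid {pid}: {', '.join(rules)}")
```

Run as-is it flags pid 3000 (dropped USB.exe plus the report's SHA256) and pid 4120 (mutex, C2 hostname, C2 port) and stays quiet on pid 800, whose only hit is the shared port. file_hashes() is there so a sample pulled from quarantine can be checked against the MD5/SHA1/SHA256/SHA512 values in the report before any of this is trusted.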

MITRE ATT&CK Enterprise v15

Tasks