General

  • Target

    c00217935070f3582e3e7352f9d4b33a.bin

  • Size

    105KB

  • Sample

    240406-cbxhbagh5t

  • MD5

    ad54fb91932a8a057e61b71edb9a033f

  • SHA1

    0cae39e926ab078fe8b6f11928de5987220b11ad

  • SHA256

    50ea565937518de1685c92f332fffc1bc37a78b3e79e033c9f386ed5cd641bbc

  • SHA512

    3f9ae9f3e6be675efa2ea8875e96b98d647298d9253f35fb141a62a87eda667959007162516ce83a1d8408ec2261dcba66ca19dabe030cf881a628c7bd88ef74

  • SSDEEP

    1536:VQaZM7oxsaJF9svRs9A6npvtW2ycmGx5Qwp3xtQbcJrkAlFNcXM5xUFjQy:VRZeosaJFCRcAqdw2yPw5bpicA4BHmv

Score
10/10

Malware Config

Extracted

Family

xworm

Version

3.1

C2

107.150.19.19:7000

Mutex

xX4ZsXt0UfSKdG38

Attributes

  • install_file

    USB.exe

  • aes.plain

Targets

    • Target

      87fcd72d5a220af7e19b13236a28a6258e38cf6040f03cdb7fff46d98f01b0b1.exe

    • Size

      142KB

    • MD5

      c00217935070f3582e3e7352f9d4b33a

    • SHA1

      a4a01d96f20c1858b2327d3cc42d9633e0c9c715

    • SHA256

      87fcd72d5a220af7e19b13236a28a6258e38cf6040f03cdb7fff46d98f01b0b1

    • SHA512

      89e90e99ffd9a35512e44dd83a9dc7bbab213fa6ad6758dd11225a4615ee165e757d71057e3e6c21198120babbeee46e5217ff05494229f8ab602c5d71c1e190

    • SSDEEP

      3072:kglFIo1nWg7NBWM8kWCZRTdkS6I81QcLLP9JurW2N8BJ:dlF2gjTdoLz9CW

    Score
    10/10
    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks