General

  • Target: 6dd41bfc65feff17a243f97340729b3472f519c1029127c5e9fee03bafcde338.zip
  • Size: 432KB
  • Sample: 240415-wspctach39
  • MD5: 43b67d0071ac82195e5daa02a115774e
  • SHA1: 436abe83e045c1731a556b64813555196a385e41
  • SHA256: a5fc75ed69ef7cf908b297fe98806a881d014dfa075cf05fc8ac0792c8fa3b59
  • SHA512: d4aa8673513c4ba7d1c214d8b03fd976fd0c28512286968ce95d69b81cf1a0656c7aec1356435bacf0d498e610c03ba1a710605d2d9a77c05097a6c7f1b4c496
  • SSDEEP: 12288:mWk+6ZPauB8FyEWG/5/CX49FW3fxUJRjRT237CA:eRPVBCyZG/5KocfxUJRjZen

Score
10/10

Malware Config

Extracted

  • Family: xworm
  • C2: 104.250.180.178:7061

Attributes

  • Install_directory: %AppData%
  • install_file: XClient.exe

Targets

    • Target: 6dd41bfc65feff17a243f97340729b3472f519c1029127c5e9fee03bafcde338.exe
    • Size: 445KB
    • MD5: 40e7f9319d64559c2bc3ab6595f419f3
    • SHA1: 4f5da8030b4dcc5774d7e8bd967614e77510dfb1
    • SHA256: 6dd41bfc65feff17a243f97340729b3472f519c1029127c5e9fee03bafcde338
    • SHA512: bd35b27bf7b59d86d7d5eed1854d9b365decb4a56f60eb53364dc9c65a0cd3350b67b6b4580a64f231166267d987aa0654ed043f0ce97e94d1bd8015a03187c5
    • SSDEEP: 12288:hkvq31eoWDu5ysKCxGSY1gMGYkR2mf62q4KkrkDFAdq:heqFCu5VKsm1gMGYHmiWkDFAY

    Score
    10/10

    • Detect Xworm Payload
    • Xworm

      Xworm is a remote access trojan written in C#.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence.

    • Drops startup file
    • Suspicious use of SetThreadContext
