General

  • Target

    8c39310a1ae844a74a040f8a36e4cac1fbf67095f2d8f1bd9ffd48442f96414c

  • Size

    82KB

  • Sample

    240419-v84a8sah88

  • MD5

    3be47dd7845a1280b6e941860685d991

  • SHA1

    e3b81eea43348cfee8ebb061f7b10c0e1ba713ac

  • SHA256

    8c39310a1ae844a74a040f8a36e4cac1fbf67095f2d8f1bd9ffd48442f96414c

  • SHA512

    84bf7a6ad31aa472337c2a9acbf808574f8aa16bd62095df58b6cc514294540a47838cf0ce9726079356266ad458fbf2258e8c30d114bc94ce297d4a0290ab79

  • SSDEEP

    1536:8lYwEu6QJeyK3XGC9mXPmnWD+IKyQjFUuPMO0Y2vpFv8HzF/4FYTIs/geW:0FxK3X1S4fyQJlR0fvpFuzp4FYTIsIB

Score
10/10

Malware Config

Extracted

Family

xworm

C2

45.76.13.211:7000

Attributes
  • Install_directory

    %AppData%

  • install_file

    XClient.exe

Targets

    • Target

      368e9ba787825581ace40c910363082e9541442840c3a2c715b7acd37941717c.exe

    • Size

      93KB

    • MD5

      02a8f63cf0794af1eda36fc824795811

    • SHA1

      3d9cce7694776b976918e51ac2bf3d1f00c9fb41

    • SHA256

      368e9ba787825581ace40c910363082e9541442840c3a2c715b7acd37941717c

    • SHA512

      43ee74e7c23fd57feb9fc53da4d29a1a3202ed2c00c8ed5243ab7cc559b17aec1634392b10f81463fa26432ed025e02d7a620a068613712c05a4183130a6ac01

    • SSDEEP

      1536:DccsFRCo9GyL3qHsTItlEkdChnH80nm+CRNHsi64oJTQYeTpgCj/jf0j:/sFRC+L3dQLdanH80CbHLNKSCCjzc

    Score
    10/10
    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

    • Drops startup file

    • Loads dropped DLL

    • Suspicious use of SetThreadContext
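The extracted config above (C2 45.76.13.211:7000, install directory %AppData%, install file XClient.exe) and the "Drops startup file" signature translate directly into host and network indicators. The following is an added example, not part of the sandbox report or of any detection the sandbox itself ran: it resolves the %AppData% placeholder to a concrete per-user path and runs the indicators over a few constructed Sysmon-style events. The event schema (`type`, `image`, `target`, `dst_ip`, `dst_port`), the victim profile path, the Startup folder subpath and the sample events are all assumptions made for the demonstration.

```python
"""Added example: match the XWorm config extracted in the report against
constructed endpoint telemetry. Nothing here comes from the sandbox run."""

# Indicators taken from the report's "Malware Config" section.
C2_HOST = "45.76.13.211"
C2_PORT = 7000
INSTALL_DIR = "%AppData%"
INSTALL_FILE = "XClient.exe"

# Per-user Startup folder relative to %AppData%. The report only says
# "Drops startup file"; this exact location is an assumption.
STARTUP_SUBDIR = r"Microsoft\Windows\Start Menu\Programs\Startup"


def resolve_install_path(appdata):
    """Expand the %AppData% placeholder to the concrete path the implant would use."""
    return INSTALL_DIR.replace("%AppData%", appdata.rstrip("\\")) + "\\" + INSTALL_FILE


def _norm(path):
    # Windows paths: slashes and case are not significant for matching.
    return path.replace("/", "\\").lower()


def classify(event, appdata):
    """Return the indicator names an event matches (empty list if none)."""
    hits = []
    install_path = _norm(resolve_install_path(appdata))
    startup_dir = _norm(appdata.rstrip("\\") + "\\" + STARTUP_SUBDIR) + "\\"
    if event["type"] == "network_connect":
        if event["dst_ip"] == C2_HOST and int(event["dst_port"]) == C2_PORT:
            hits.append("xworm_c2")
    elif event["type"] == "file_create":
        target = _norm(event["target"])
        if target == install_path:
            hits.append("xworm_install_file")
        if target.startswith(startup_dir):
            hits.append("startup_drop")
    return hits


def scan(events, appdata=r"C:\Users\victim\AppData\Roaming"):
    """Run classify over a list of events; returns [(event_index, indicator), ...]."""
    return [(i, h) for i, e in enumerate(events) for h in classify(e, appdata)]


# Constructed Sysmon-style events (assumed schema, not sandbox output).
SAMPLE_EVENTS = [
    {"type": "file_create",
     "image": r"C:\Users\victim\Downloads\368e9ba787825581ace40c910363082e9541442840c3a2c715b7acd37941717c.exe",
     "target": r"C:\Users\victim\AppData\Roaming\XClient.exe"},
    {"type": "network_connect",
     "image": r"C:\Users\victim\AppData\Roaming\XClient.exe",
     "dst_ip": "45.76.13.211", "dst_port": 7000},
    {"type": "file_create",
     "image": r"C:\Users\victim\AppData\Roaming\XClient.exe",
     "target": r"C:\Users\victim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\XClient.lnk"},
    {"type": "network_connect",
     "image": r"C:\Windows\System32\svchost.exe",
     "dst_ip": "8.8.8.8", "dst_port": 53},
    {"type": "file_create",
     "image": r"C:\Program Files\App\app.exe",
     "target": r"C:\Users\victim\AppData\Roaming\App\settings.json"},
]

if __name__ == "__main__":
    for idx, hit in scan(SAMPLE_EVENTS):
        print(f"event {idx}: {hit} <- {SAMPLE_EVENTS[idx]['image']}")
```

The C2 match is the highest-confidence indicator, since the address and port are hard-coded in the sample's config; the install-file and Startup-folder matches are weaker on their own (any program can write XClient.exe to %AppData%) and are best treated as corroboration of the network hit or as a pivot for hunting hosts where the C2 connection was blocked before it was logged.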

MITRE ATT&CK Matrix (ATT&CK v13)

Tasks