General

  • Target

    371d449863d10d5108469abec7c545dfc618d519fb609266598d149d5a78bb73

  • Size

    18KB

  • Sample

    240419-vencxshg97

  • MD5

    fd30e3f2d25b8655511a7f5f97ccd01e

  • SHA1

    2ee251515117d0191362daeccbdc8d1c46d9d97b

  • SHA256

    371d449863d10d5108469abec7c545dfc618d519fb609266598d149d5a78bb73

  • SHA512

    098fd8c5178b85dc05fdf27a542cfaa52b51261ce31064fe01a5000b4f2259e78392c9bbabd37aebf1997d6e22c6eef10e902f8a9086caaa24df44e21a4d25fa

  • SSDEEP

    384:oV5KASu+3MFqxsYAbY//H2TPj2kkf6E+sOhVK04/6PmWtoNb5yQuWvRWYwen:oV5KASun1YAbD7qZXehYJ/SmWtoN9Tv5

Score
10/10

Malware Config

Extracted

Family

xworm

Version

5.0

C2

137.184.9.205:7000

Mutex

bV5QPxwLtEpuTDDi

Attributes

  • install_file

    USB.exe

  • telegram

    https://api.telegram.org/bot6567817661:AAEPVH8mr4mtxVjaqzlho_8xxGuixiJIukE

aes.plain

Targets

    • Target

      0ba64202181094b72f8db073c627de074bd18ef9f977d42e12de6d6478ff283d.exe

    • Size

      37KB

    • MD5

      ffc433cc5b446ea470c8ce98edd7c248

    • SHA1

      90248c2c85885af789ca75053438c77c7512fbac

    • SHA256

      0ba64202181094b72f8db073c627de074bd18ef9f977d42e12de6d6478ff283d

    • SHA512

      0b085028dabe75bb22480b75191555dcfbf53c6caccd097375c632f34c47fb49ab4c24d2d4db7f6ffeb00b12184b2d433b70d00d86615485e7f7f76a52547a94

    • SSDEEP

      384:xeOSrHiWIjrdTadLwxwCUOCFFniFyNd9jMJrqpkFE+LT/OZwEci2v99Ik1is+Pja:HrtcCSFniFyh2dFh9gjO1h1qVgXj

    Score
    10/10

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

MITRE ATT&CK Matrix

Tasks