General

  • Target

    89a5f77f8511329406bd3e2a1b5b4ca5f0d3273935438294a23d43c568ed6152

  • Size

    16KB

  • Sample

    240419-vw3h6sae22

  • MD5

    21f8f5892bdd71a603c6e9e1a63a2d29

  • SHA1

    5b7206f87ff1d185df3e9358b572d1b6e279c904

  • SHA256

    89a5f77f8511329406bd3e2a1b5b4ca5f0d3273935438294a23d43c568ed6152

  • SHA512

    f52451a4a37599fd0b0344da00c5de071e390205fd410e14e3f9812d4a1656ebe69a18c8da090982648c063f05187df646cbbe0fe1fffd6f4ebe3b75e0c5dfdb

  • SSDEEP

    384:BVuJo71rqn8/1jBgy0GuOQtrb7R1e23M7c8b6AsK+ea1X+B/7KhTa0m:Dui71cmt0GJQE77c5VK/aB+B/L

Score
10/10

Malware Config

Extracted

  • Family

    xworm

  • Version

    5.0

  • C2

    137.184.94.195:7000

  • Mutex

    guk3VdsoD7I0ZlYz

  • Attributes

    • install_file

      USB.exe

    • telegram

      https://api.telegram.org/bot6849306171:AAEXOowHoIXdJG2J0JE1MdL7UhvdbtW-i90/sendMessage?chat_id=5551685072

  • aes.plain

Targets

    • Target

      7da653c2c7da3978b130a96b29e3699d26ffd0293f85a2236aacc4c6c1904a41.exe

    • Size

      34KB

    • MD5

      3fa6771f335bcfb7e88fe376fc8324c4

    • SHA1

      b09a1797e964c50a31c6448a49ebc4f40e0e98c3

    • SHA256

      7da653c2c7da3978b130a96b29e3699d26ffd0293f85a2236aacc4c6c1904a41

    • SHA512

      ab9ab9d4e00223ed268b0004589358dc90e455f564b1a9a38936791e55d123a23cf4ae80c7253c7afa7126b68cb45262b0f4c39bf712734c66a251da2acc3216

    • SSDEEP

      384:BIwDnjTJeDs3fL92nfHIAxNFR2EguN4gRzpkFXBLT0OZwEJN2v99IkuisywlH6xI:r0D69QfHIAxNOsNrwFo9jrbOjh4bw

    Score
    10/10
    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

MITRE ATT&CK Matrix

Tasks