General

  • Target

    BloxstrapModded.exe

  • Size

    10.0MB

  • Sample

    240420-sr2pzabd95

  • MD5

    d4823d25c86c905b29ff3cd42127d5b3

  • SHA1

    4380e4416b419f1bde9ee98c45b14fc7f29e8876

  • SHA256

    71cc081cbe5e67b32b6b07ca8e63211610e6a52d477f8afc32521a0b1cfd1f45

  • SHA512

    e9d12f0e1c4c2a434c6ec8a004d85141a6f6bc6a81179d7f9200d387a8f7031554615a39e33384694c2e8291ebab533c3c703d927498480078a87b6f49520152

  • SSDEEP

    1536:EctSNh5dMtrBDrqiYQ92Zxlc9lQPykplbTqr:Z8NhviV/qcwc9+aQby

Score
10/10

Malware Config

Extracted

Family

xworm

C2

million-houston.gl.at.ply.gg:27705

Attributes

  • Install_directory

    %AppData%

  • install_file

    BloxstrapModded.exe

Targets

    • Target

      BloxstrapModded.exe

    • Size

      10.0MB

    • MD5

      d4823d25c86c905b29ff3cd42127d5b3

    • SHA1

      4380e4416b419f1bde9ee98c45b14fc7f29e8876

    • SHA256

      71cc081cbe5e67b32b6b07ca8e63211610e6a52d477f8afc32521a0b1cfd1f45

    • SHA512

      e9d12f0e1c4c2a434c6ec8a004d85141a6f6bc6a81179d7f9200d387a8f7031554615a39e33384694c2e8291ebab533c3c703d927498480078a87b6f49520152

    • SSDEEP

      1536:EctSNh5dMtrBDrqiYQ92Zxlc9lQPykplbTqr:Z8NhviV/qcwc9+aQby

    Score
    10/10

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Executes dropped EXE

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks