General

  • Target

    obXClient.exe

  • Size

    64KB

  • Sample

    240505-nv472sha2x

  • MD5

    591e9953e62a79303811c9ca80191df9

  • SHA1

    387c087dc56454635de1ee1a3ba9697d8709ad84

  • SHA256

    19484f6840c4f4c21598d7345218eaeb1c85e3ccfaf347c998b4fb83dd8cb08c

  • SHA512

    88b25f3b6421e2e9c9c48ce0a9d4303b25f8d9946a937fcae072d9b2e55b85a42f502acaa0d6d1700e42e93c063a67cf5bfb8589a3784a8f8c5c5858fe83883b

  • SSDEEP

    1536:1BNwbm2OEanmWH79J0ZAFHQpvtbkbYNoTFW1XwO9Hno:1BNwbTkff0i4kbYKQXwO9no

Score
10/10

Malware Config

Extracted

Family

xworm

C2

139.180.188.91:7000

Attributes

  • Install_directory

    %AppData%

  • install_file

    data33561.exe

Targets

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

    • Drops startup file

MITRE ATT&CK Enterprise v15

Tasks