Overview

overview

10

Static

static

10

848411659a...c7.exe

windows7-x64

10

848411659a...c7.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    848411659aa8dfc757a3f4a889ed7c2b7f2c0e78c119bec00cd31bf32925bcc7

  • Size

    225KB

  • Sample

    240521-ay8srach71

  • MD5

    caba3480869729c3082340ab4ce4dfc0

  • SHA1

    452e7dbd1aae2ede9d989b9018af83185e27097b

  • SHA256

    848411659aa8dfc757a3f4a889ed7c2b7f2c0e78c119bec00cd31bf32925bcc7

  • SHA512

    a08ba586dc9f804dc8afaff992ddc7c8af66acbaedaaeb0bbae36d8b0c96e788e7c747633d6aa345097831db146d5708e56ccfdf2287e9e9baf9b9966a256791

  • SSDEEP

    6144:cqrGcKnbsH9UhcX7elbKTua9bfF/H9d9n:cJcRH93X3u+

Score
10/10
xwormrattrojan

Malware Config

Extracted

Family

xworm

C2

key-metro.gl.at.ply.gg:53838

Attributes
  • install_file

    USB.exe

Targets

    • Target

      848411659aa8dfc757a3f4a889ed7c2b7f2c0e78c119bec00cd31bf32925bcc7

    • Size

      225KB

    • MD5

      caba3480869729c3082340ab4ce4dfc0

    • SHA1

      452e7dbd1aae2ede9d989b9018af83185e27097b

    • SHA256

      848411659aa8dfc757a3f4a889ed7c2b7f2c0e78c119bec00cd31bf32925bcc7

    • SHA512

      a08ba586dc9f804dc8afaff992ddc7c8af66acbaedaaeb0bbae36d8b0c96e788e7c747633d6aa345097831db146d5708e56ccfdf2287e9e9baf9b9966a256791

    • SSDEEP

      6144:cqrGcKnbsH9UhcX7elbKTua9bfF/H9d9n:cJcRH93X3u+

    Score
    10/10
    xwormrattrojan

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

      trojanratxworm

    • Detects Windows executables referencing non-Windows User-Agents

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks