Overview

overview

10

Static

static

3

22052024_0...sc.exe

windows7-x64

1

22052024_0...sc.exe

windows10-2004-x64

10

Resubmissions

22-05-2024 09:11

240522-k5sp8aac28 10

22-05-2024 09:11

240522-k5la5sac25 10

22-05-2024 06:41

240522-hf3ssafd5x 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    22052024_0641_DXJS_exe_sc.bin

  • Size

    337KB

  • Sample

    240522-k5sp8aac28

  • MD5

    e10e87f59726d45e840eb24f9bbdae48

  • SHA1

    386a4a7e04961a0d450d2aa0e9d6e3b4c64f12eb

  • SHA256

    e138a0d5e625340ee5b1b0936301392cbf7a9f35a8347657de0ab4cdd47bdeae

  • SHA512

    46f6c6f2a4cb734876b344fbaa2bdb506a46229afea3406f9adfae5371aa315a018d80da74553c102ee22c516becb4a442b0bc6b24cae80e61274a9c6befb544

  • SSDEEP

    6144:Fo+pJ8RgQ+Z3szVOJiaR+ULVOX2chG7uhLMiZ3Lcu1Tvk3/m0LZTUQZsh81jI:F5eYZcOJLRhLOVAM0mkJM8

Score
10/10
xwormrattrojan

Malware Config

Extracted

Family

xworm

Version

3.1

C2

newremisco2905.duckdns.org:2905

Mutex

0h9jcqiqjT5SnJcR

Attributes
  • install_file

    USB.exe

aes.plain

Targets

    • Target

      22052024_0641_DXJS_exe_sc.bin

    • Size

      337KB

    • MD5

      e10e87f59726d45e840eb24f9bbdae48

    • SHA1

      386a4a7e04961a0d450d2aa0e9d6e3b4c64f12eb

    • SHA256

      e138a0d5e625340ee5b1b0936301392cbf7a9f35a8347657de0ab4cdd47bdeae

    • SHA512

      46f6c6f2a4cb734876b344fbaa2bdb506a46229afea3406f9adfae5371aa315a018d80da74553c102ee22c516becb4a442b0bc6b24cae80e61274a9c6befb544

    • SSDEEP

      6144:Fo+pJ8RgQ+Z3szVOJiaR+ULVOX2chG7uhLMiZ3Lcu1Tvk3/m0LZTUQZsh81jI:F5eYZcOJLRhLOVAM0mkJM8

    Score
    10/10
    xwormrattrojan

    • Detect Xworm Payload

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Xworm

      Xworm is a remote access trojan written in C#.

      trojanratxworm
    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks