Overview

overview

10

Static

static

10

xca.exe

windows7-x64

10

xca.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    xca.exe

  • Size

    34KB

  • Sample

    240522-xk64bsch44

  • MD5

    cddd357366899c16ac793a9c02a2bc91

  • SHA1

    51b94c67865078445f18cd88a9094201925b43cf

  • SHA256

    61a40644545efe9ca21ab98829d613af37024cd779126ed55e7fd404912671f4

  • SHA512

    b6c0a5877cf6d42976819a8545a6f316b44938da10e2a2d383b389a7eeba3a12d4c14dd7198f4c77cf7e0ebf2507f5d66dac62e568a66a6f2622442a7fae0b16

  • SSDEEP

    768:3teHgjgARFWlaPMDVMpXgdGlA9Fg9uNO/hrbj:9QERFaaUD+BgdeeFg9uNO/Vv

Score
10/10
xwormrattrojan

Malware Config

Extracted

Family

xworm

Version

5.0

C2

friends-analytical.gl.at.ply.gg:44471

Mutex

1AMdFhkQS1xb2SWs

Attributes
  • Install_directory

    %Userprofile%

  • install_file

    svchost.exe

aes.plain

Targets

    • Target

      xca.exe

    • Size

      34KB

    • MD5

      cddd357366899c16ac793a9c02a2bc91

    • SHA1

      51b94c67865078445f18cd88a9094201925b43cf

    • SHA256

      61a40644545efe9ca21ab98829d613af37024cd779126ed55e7fd404912671f4

    • SHA512

      b6c0a5877cf6d42976819a8545a6f316b44938da10e2a2d383b389a7eeba3a12d4c14dd7198f4c77cf7e0ebf2507f5d66dac62e568a66a6f2622442a7fae0b16

    • SSDEEP

      768:3teHgjgARFWlaPMDVMpXgdGlA9Fg9uNO/hrbj:9QERFaaUD+BgdeeFg9uNO/Vv

    Score
    10/10
    xwormrattrojan

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

      trojanratxworm

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks