General

  • Target

    b6f14127cfa1cdd9fa4e8827ea094235a8328bdbb00d6b934d6832dd61401c7a.exe

  • Size

    399KB

  • Sample

    240615-cgtzdavhrh

  • MD5

    818ee324a5274c76cc75e974cb29e46a

  • SHA1

    235f5c59aab7a4befa73174183dcf9f66eb40159

  • SHA256

    b6f14127cfa1cdd9fa4e8827ea094235a8328bdbb00d6b934d6832dd61401c7a

  • SHA512

    9e19035f27606b18df2fb0be157cf33726a708e1326efda88b51fcc1b3653f2787ea1e574367b6b305f012a5f710d5b8f4461aab23f3486b99335ad5f6dca8e6

  • SSDEEP

    6144:56WKcYOIhgIBAHpGKDrV5ITIgj67VEN4NQeAjudYlFoAnPqbIc8m:5aVCZVLgjGtqaYlFTng

Score
10/10

Malware Config

Extracted

Family

xworm

Version

5.0

C2

64.226.123.178:6098

Mutex

1z0ENxCLSR3XRSre

Attributes
  • install_file

    USB.exe

aes.plain

Targets

    • Target

      b6f14127cfa1cdd9fa4e8827ea094235a8328bdbb00d6b934d6832dd61401c7a.exe

    Score
    10/10
    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

    • Detects Windows executables referencing non-Windows User-Agents

    • Suspicious use of SetThreadContext
