Overview

overview

10

Static

static

10

sussy.exe

windows11-21h2-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    sussy.exe

  • Size

    34KB

  • Sample

    240615-p9rqya1frc

  • MD5

    78c2dab9453fa4a072ae3e7649857912

  • SHA1

    8ab5ad867f75c444b74cef170b3c18268a65d8bb

  • SHA256

    145cebeb15c5eebefe46852ddfaf3aa285eba4f9f12edb5062dc6dae40904a38

  • SHA512

    f03c51e9a403baf16c670f336abe3a73e2f6005c05af44762d8d46fa914d06a0ff7566be807d41d9d53440f3fefeb3a36cee594a656bd87a0e2630e6ef5f461c

  • SSDEEP

    768:SU5ZmgcNVPhQHIugbPL33jbK6LFc98bOjhyobqH5:SIoScbbKoFc98bOjlG

Score
10/10
xwormrattrojan

Malware Config

Extracted

Family

xworm

Version

5.0

C2

xwormserver.000webhostapp.com:21

Mutex

2pNNBtZ7mBL0qrmN

Attributes
  • install_file

    USB.exe

aes.plain

Targets

    • Target

      sussy.exe

    • Size

      34KB

    • MD5

      78c2dab9453fa4a072ae3e7649857912

    • SHA1

      8ab5ad867f75c444b74cef170b3c18268a65d8bb

    • SHA256

      145cebeb15c5eebefe46852ddfaf3aa285eba4f9f12edb5062dc6dae40904a38

    • SHA512

      f03c51e9a403baf16c670f336abe3a73e2f6005c05af44762d8d46fa914d06a0ff7566be807d41d9d53440f3fefeb3a36cee594a656bd87a0e2630e6ef5f461c

    • SSDEEP

      768:SU5ZmgcNVPhQHIugbPL33jbK6LFc98bOjhyobqH5:SIoScbbKoFc98bOjlG

    Score
    10/10
    xwormrattrojan

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

      trojanratxworm

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks