General

  • Target

    522d14faeaa7b2b8886bcd75304ae4db1a9392477e9b465a458f9bfd8cfdd6a3.exe

  • Size

    501KB

  • Sample

    240615-th7ejawfna

  • MD5

    5afd187821d9644d676080d96c6c7568

  • SHA1

    bcc7c6cb7662cdf1f20e48bcfcea8024390c26d1

  • SHA256

    522d14faeaa7b2b8886bcd75304ae4db1a9392477e9b465a458f9bfd8cfdd6a3

  • SHA512

    4debd98215a0df8559bacf04951ebb908e62b1dd68e0e1098b3e04e2cea69f030f63cff7476dcfe524b140abae623500875298e6539adffad3ae02f3ffafa2da

  • SSDEEP

    6144:yGGQjXgpmxGwJrdO/QH/nthQq/HUxLJJzbLw2eqrcYNGKMLXDSJDRa4S2:DGQjXJhXtaqPUXdAq3G5Q7

Score
10/10

Malware Config

Extracted

Family

xworm

Version

5.0

C2

64.226.123.178:6098

Mutex

1z0ENxCLSR3XRSre

Attributes
  • install_file

    USB.exe

aes.plain

Targets

    • Target

      522d14faeaa7b2b8886bcd75304ae4db1a9392477e9b465a458f9bfd8cfdd6a3.exe

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

    • Suspicious use of SetThreadContext
