General

  • Target

    2024-06-24_cae68af43cc5a62a9f8078988af74c44_cobalt-strike_mafia

  • Size

    140KB

  • Sample

    240624-en3wzaxale

  • MD5

    cae68af43cc5a62a9f8078988af74c44

  • SHA1

    636617087427cfcfdd0d31ce86e1b47264bd7e0e

  • SHA256

    16515021c05df0eae9049a1e152920d5bb4778cbdd3107fb80c45a6f3e13cf9c

  • SHA512

    302be5b976f66b69ecd0e908b7bdee523b30bb754891959f4be770689c2d7e3f9c129fc8e304d8791a58db90e762ee86c476ccab9a39a17a3f9b51ca9460223a

  • SSDEEP

    1536:Y1V09pBY225ZSOnHuP95UEWbb9aHlDN+TfONyDZPBA+kMmeMI8HT34nTTjKAoWkI:k3mOHk5UMllm3D8zAjKdWrPAk+hb5u

Score
10/10

Malware Config

Extracted

Family

xworm

Version

5.0

C2

117.41.184.248:7000

Mutex

z7TTmNyADbalYrER

Attributes
  • install_file

    USB.exe

aes.plain

Targets

    Score
    10/10
    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

    • Detects Windows executables referencing non-Windows User-Agents
