General

  • Target

    XWorm_Installer_v5.6_CRACKED_WEB.exe

  • Size

    212KB

  • Sample

    240721-ys7v9sscke

  • MD5

    1944352777346eb61474af431456f69d

  • SHA1

    c186adfb49fd75cafb2dcdc27335f3fabac98ba3

  • SHA256

    42bbd1111a65c99ddaf546defa047e8625e23e3585b6fc6fd620a3ea960fb0a7

  • SHA512

    af55e4a3e02c44b6eb705e356e0ac08a4d5d02733bad15b589d3e5710140d5953ab056ce152b9b0f9c422a688d3bb9520ddb6d82220f6b1e5b3eb33c3259d9a7

  • SSDEEP

    3072:oe4F71eEFiEcsCbjP37nPO3JomEM4A2ewhLapuvpAsZOyMqmyBeYVYe:oe9jEcsCbj3Iq/GWGwqqm1

Score
10/10

Malware Config

Extracted

Family

xworm

C2

continue-singing.gl.at.ply.gg:4436

Attributes

  • Install_directory

    %AppData%

  • install_file

    USB.exe

Targets

    • Target

      XWorm_Installer_v5.6_CRACKED_WEB.exe

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

    • Drops startup file

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15