General

  • Target

    65922c917efdc2c199bf73fca76fc83f7f492dc7c516c79268632340c5560fc8

  • Size

    67KB

  • Sample

    240822-f7514stgmq

  • MD5

    ad91cdedf5ec6bf09257588fa74477ca

  • SHA1

    c4b3befbdd195186287be8e08285756139360d87

  • SHA256

    65922c917efdc2c199bf73fca76fc83f7f492dc7c516c79268632340c5560fc8

  • SHA512

    f2f5789360023e663252ad8e1cb77e9546cafe9b63415a3a4a0b09dcf51444e79924da7486ba96f2a225c89f10d26e214e12a963641f456d33dde68addca4536

  • SSDEEP

    1536:vR1dldwSP2/yHUMjfRCQidS9UOPub2Fjwkq9sEOnPJB1:vRRdzP2/opL6cub2FRqaEOnRP

Score
10/10

Malware Config

Extracted

Family

xworm

C2

20.ip.gl.ply.gg:64584

Attributes
  • install_file

    USB.exe

Targets

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
