General

  • Target

    bf0db9f8a4b7e43549f33370ad164a80N

  • Size

    410KB

  • Sample

    240913-nt92xazfmd

  • MD5

    bf0db9f8a4b7e43549f33370ad164a80

  • SHA1

    2f6890787daa9e850efe3adce81b1e010255f24f

  • SHA256

    9300b65a9c2d88371155b26b649e95bc3b61da97a8a33b4399fbcb4ce0287e5e

  • SHA512

    ee2220944b0fcae1c25ef1ea4c02b7aa84b13215fba4a69b22890bd5be25ffed476b0ec474b3886981890097d6e07818397f155c1b2b7b830ff5c621d8849581

  • SSDEEP

    3072:7KYke2fEgIIp6nlr176ikG6ja/VBpJN73Wnm5kAixEK9:7p2sI+HkG6ja/z7N7SrW

Malware Config

Extracted

Family

xworm

Version

5.0

C2

Rakibl-48126.portmap.io:48126

Mutex

SzpZ7u4GezdS2k5V

Attributes

  • Install_directory

    %ProgramData%

  • install_file

    XClient.exe

aes.plain

Targets

    • Target

      bf0db9f8a4b7e43549f33370ad164a80N

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks