General

  • Target

    c11efa494a57ce765fc9966c392a8c0168c308036c25e9264094367440b6e7f3

  • Size

    236KB

  • Sample

    240930-clzenawhlc

  • MD5

    32ceabb96383dd10e7e1b81b5a7172d5

  • SHA1

    4b77984d871887252ae8a4c698fbbbd8e6af6fd0

  • SHA256

    c11efa494a57ce765fc9966c392a8c0168c308036c25e9264094367440b6e7f3

  • SHA512

    784e9c3a85263c3720f2e7dde1cf66f9761c9b11c3e664b52425019bdf799f504034991a3a90730b69db3e9bb9c1f62459b259792823400a7223b7ffc9c3d184

  • SSDEEP

    3072:2IBL0F2988OjrLLAsNeDF5nI0PGIj9lua/Obw0hFv2PCWpIdp:2IBLu29QL0sNOBTunbw0/5Wp

Score
10/10

Malware Config

Extracted

Family

xworm

Version

5.0

C2

22.ip.gl.ply.gg:25132

Mutex

RymNaZySkzhWjMqs

Attributes

  • Install_directory

    %AppData%

  • install_file

    USB.exe

aes.plain

Targets

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
