General

  • Target

    d5f3ade8dcf776d15cb8c0fa90ae775c650f89617a586817e1656d15279f0d3b.exe

  • Size

    84KB

  • Sample

    241002-b2h7yavblh

  • MD5

    7d367e5778501dd057e233dbbd917a48

  • SHA1

    3fc55369d1f97ffe6ea236dd8878f923024a1dc0

  • SHA256

    d5f3ade8dcf776d15cb8c0fa90ae775c650f89617a586817e1656d15279f0d3b

  • SHA512

    c11e3a3bf96b43303cb4e2a8d5c91cb43c68f5a84d6ccc23bb2e5740bffde425ff73d747203d64f9aee66103fb9465e5284f64a57a7b9351080c8ed492b6e1be

  • SSDEEP

    1536:rcM5lz+Dxn3KbGTkY/lRR6m+Mnkb5sMFj60/BOUqwYic93SznQygxx:J5lqeokY16mvkb5/JBO3iuSTk

Score
10/10

Malware Config

Extracted

Family

xworm

C2

45.156.30.9:1604

Attributes
  • install_file

    USB.exe

Targets

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
