General

  • Target

    822c1751f5d8bf308fc69a6f0b1bb5614bf4eb0fe1415638d45c70ab626f9614.exe

  • Size

    84KB

  • Sample

    241002-bsajfatfnf

  • MD5

    11bff8d34e69b9e35855f51d37236b4a

  • SHA1

    ba42805932d7ef37ff8560cd4f8bcc561abf86a6

  • SHA256

    822c1751f5d8bf308fc69a6f0b1bb5614bf4eb0fe1415638d45c70ab626f9614

  • SHA512

    2afe96dde6ad1218443bbce0fd90be6617be0d55b46cd7f29058aa3106c4c77632a5ed711cd6374fbbfb41249f66606278be6efcd914dfffa9e67f32a8a6e29f

  • SSDEEP

    1536:LcM5lz+Dxn3KbGTkY/lRR6m+Mnkb5sMFj60/BOUqwYic93Sz3wygxx:p5lqeokY16mvkb5/JBO3iuSjE

Score
10/10

Malware Config

Extracted

Family

xworm

C2

45.156.30.9:1604

Attributes
  • install_file

    USB.exe

Targets

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
