General

  • Target

    9ca4695aa52e3bf468c2bfe36ecc105c730157a6927e4d96f5ca148c51534c36.exe

  • Size

    89KB

  • Sample

    241002-bvydaazgmq

  • MD5

    0ee20a416c4c752806bb696e44e7085e

  • SHA1

    54dae877a748a236f12f2d0a3eb34c63a8aa7a73

  • SHA256

    9ca4695aa52e3bf468c2bfe36ecc105c730157a6927e4d96f5ca148c51534c36

  • SHA512

    78f3c7b275893fe55e03cedfa929403b704bcb123f0cb13850cfed002a72cb6a4572ad3e376508e999406d0e408ca32cc65b11a9d7dca48265735a42da85bde7

  • SSDEEP

    1536:kcqdeKNDJYmE2YgAtHlwGSduaCCf4AMbXbnGQ3/aMclu6ZVcaOzaZPz:j0eKNDqmFGZaPgXbXbn/cXVOOZ

Score
10/10

Malware Config

Extracted

Family

xworm

C2

f8terat.ddns.net:7000

78.70.235.238:7000

Attributes
  • Install_directory

    %Temp%

  • install_file

    updater.exe

  • telegram

    https://api.telegram.org/bot7084570776:AAHWfPRjpebc_dUAwpwOYQjDqVKGe1YgIxw/sendMessage?chat_id=5456205643

Targets

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
