Overview

overview

10

Static

static

10

9ca4695aa5...36.exe

windows7-x64

10

9ca4695aa5...36.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    16s
  • max time network
    17s
  • platform
    windows7_x64
  • resource
    win7-20240729-en
  • resource tags

    arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
  • submitted
    02-10-2024 01:28

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    9ca4695aa52e3bf468c2bfe36ecc105c730157a6927e4d96f5ca148c51534c36.exe

  • Size

    89KB

  • MD5

    0ee20a416c4c752806bb696e44e7085e

  • SHA1

    54dae877a748a236f12f2d0a3eb34c63a8aa7a73

  • SHA256

    9ca4695aa52e3bf468c2bfe36ecc105c730157a6927e4d96f5ca148c51534c36

  • SHA512

    78f3c7b275893fe55e03cedfa929403b704bcb123f0cb13850cfed002a72cb6a4572ad3e376508e999406d0e408ca32cc65b11a9d7dca48265735a42da85bde7

  • SSDEEP

    1536:kcqdeKNDJYmE2YgAtHlwGSduaCCf4AMbXbnGQ3/aMclu6ZVcaOzaZPz:j0eKNDqmFGZaPgXbXbn/cXVOOZ

Score
10/10
xwormrattrojan

Malware Config

Extracted

Family

xworm

C2

f8terat.ddns.net:7000

78.70.235.238:7000
Attributes
  • Install_directory

    %Temp%

  • install_file

    updater.exe

  • telegram

    https://api.telegram.org/bot7084570776:AAHWfPRjpebc_dUAwpwOYQjDqVKGe1YgIxw/sendMessage?chat_id=5456205643

Signatures

  • Detect Xworm Payload 1 IoCs
  • Xworm

    Xworm is a remote access trojan written in C#.

    trojanratxworm
  • Looks up external IP address via web service 1 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\9ca4695aa52e3bf468c2bfe36ecc105c730157a6927e4d96f5ca148c51534c36.exe
    "C:\Users\Admin\AppData\Local\Temp\9ca4695aa52e3bf468c2bfe36ecc105c730157a6927e4d96f5ca148c51534c36.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:2144

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2144-0-0x000007FEF5793000-0x000007FEF5794000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2144-1-0x00000000000B0000-0x00000000000CC000-memory.dmp

    Filesize

    112KB

    Download

  • memory/2144-2-0x000007FEF5790000-0x000007FEF617C000-memory.dmp

    Filesize

    9.9MB

    Download

  • memory/2144-3-0x000007FEF5790000-0x000007FEF617C000-memory.dmp

    Filesize

    9.9MB

    Download