General

  • Target

    DeadPayload.exe

  • Size

    500KB

  • Sample

    241031-kxkpmswajp

  • MD5

    d6aa8be4d3e01013711974b9e0213600

  • SHA1

    9d26eccfb6d7455a76c0a41eba38578aaf2d41c0

  • SHA256

    039a630b2f6139fd5f1db717f03e372a12c489ec22c1a92d750fbfcb83c17069

  • SHA512

    a95e7edb2a0cda6c7d06b84ac165d843c64c6a1e344319ba3cf3d7d7f2790ae56f7d02f21c9e082d50604493479c0eca5f5b1cc2cd8cdfbc21aa9b65b3079ca3

  • SSDEEP

    12288:83DTkV1ilKya0FOUuQ0gH+kmtbF6W05EJXp107sdzO:2kGTy

Score
10/10

Malware Config

Extracted

Family

xworm

Version

5.0

Mutex

QgVg78qW15uIsQ4H

Attributes
  • Install_directory

    %Public%

  • install_file

    ohh.exe

  • pastebin_url

    https://pastebin.com/raw/J09JweeH

aes.plain

Targets

    • Target

      DeadPayload.exe

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

    • Xworm family

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE
