Overview

overview

10

Static

static

3

jjjçtepad.exe

windows7-x64

10

jjjçtepad.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    jjjçtepad.exe

  • Size

    879KB

  • Sample

    241101-1k8hyawbme

  • MD5

    ba63790213ee68adc6333242a703cdd3

  • SHA1

    07e578b9206de65de0ffa19b01e59127bad21072

  • SHA256

    ea7c3fd6786b6374e94f001d75ad9ddc53ee8316cc20cd0d6978eba6fb6caaa7

  • SHA512

    6d365291e5ade1e7047528637b079458933e9eed726f2d79c5f806414c445a8da2a4adee40fe1e2f32a65936975ab79ba6ef22ed57ec933ad1a5dce880f5ba2e

  • SSDEEP

    12288:TlVYSjCSUFFIn2qH+Pc4w1dltLNe7ZfF5IrQ2NYpxfrOLi6820Y5GpX:ZVYs+Fc9ePlw1dltIb2EUi68PY5GJ

Score
10/10
xwormrattrojan

Malware Config

Extracted

Family

xworm

C2

83.38.24.1:1603

Attributes
  • Install_directory

    %Temp%

  • install_file

    SecurityHealthSystray.exe

Targets

    • Target

      jjjçtepad.exe

    • Size

      879KB

    • MD5

      ba63790213ee68adc6333242a703cdd3

    • SHA1

      07e578b9206de65de0ffa19b01e59127bad21072

    • SHA256

      ea7c3fd6786b6374e94f001d75ad9ddc53ee8316cc20cd0d6978eba6fb6caaa7

    • SHA512

      6d365291e5ade1e7047528637b079458933e9eed726f2d79c5f806414c445a8da2a4adee40fe1e2f32a65936975ab79ba6ef22ed57ec933ad1a5dce880f5ba2e

    • SSDEEP

      12288:TlVYSjCSUFFIn2qH+Pc4w1dltLNe7ZfF5IrQ2NYpxfrOLi6820Y5GpX:ZVYs+Fc9ePlw1dltIb2EUi68PY5GJ

    Score
    10/10
    xwormrattrojan

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

      trojanratxworm

    • Xworm family

      xworm

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks