General

  • Target

    401d3bc82fc9b3bae9e8a1cc304945be8d2ef546d50c7d89c511444969e07a4f.exe

  • Size

    205KB

  • Sample

    241101-drpcbawdqa

  • MD5

    f81000258a9d6b304be9df8c12f076ab

  • SHA1

    6a7c3aecca9bdcba796390fb566f173f84d7dffa

  • SHA256

    401d3bc82fc9b3bae9e8a1cc304945be8d2ef546d50c7d89c511444969e07a4f

  • SHA512

    4c7f643aaa3f2c608ec0f4d276e2808c6af814b5fca69d13d886760c395a27752d6b5823d7c6f0f7021fad60d98b9aa6fda0e62c97306b37984aa348c83b42df

  • SSDEEP

    3072:hyD3jQEa4CFv95kOMS8SKfbzxcwg7es6/Vsb8VKTup49oJMfF/H9N3Ky9NzLnk:40Eav9rUhcX7elbKTuq9bfF/H9d9n

Score
10/10

Malware Config

Extracted

Family

xworm

Version

5.0

C2

92.97.115.117:7000

Mutex

LAe6rbNNdCfi3jpE

Attributes

  • Install_directory

    %AppData%

  • install_file

    USB.exe

aes.plain

Targets

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

    • Xworm family

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
