General

  • Target

    938386b9f508c8d0c5cfe1a41248e2cbdf42fe29a93910598bd94bfee605159d

  • Size

    75KB

  • Sample

    241101-yhsnlaspgs

  • MD5

    b365e0449d1e426156963af99da3f9c1

  • SHA1

    0ec88a37b6bb449755bf27001a199e134bc301c1

  • SHA256

    938386b9f508c8d0c5cfe1a41248e2cbdf42fe29a93910598bd94bfee605159d

  • SHA512

    03a7ef914122c3985de15b8e49025c8d4f784aa9452ed123023a3e5e0ef19a52f013bf7d572aa997c347770d95dc60b516074f0ac4d29fbd1e0dfccd49044c51

  • SSDEEP

    1536:nLWDJ52ww4G5bzEAFt0bHwf0gJGLt6Max7OZ0Pq7v:n6T2lRn/0bHwMjwOW6v

Score
10/10

Malware Config

Extracted

Family

xworm

C2

127.0.0.1:6000

103.211.201.109:6000

Attributes
  • install_directory

    %AppData%

  • install_file

    XClient.exe

  • telegram

    https://api.telegram.org/bot7929370892:AAGwrX5TeyxQidZdAEm_Z6-CDvPUOQzVY1M
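The extracted config above is directly usable for hunting, but not every value is equally actionable: 127.0.0.1:6000 is a loopback placeholder that cannot be a remote C2, the Telegram URL embeds a live bot token (the part after the colon) that should be handled as a credential rather than pasted into rules, and the install path only becomes a file-system indicator once %AppData% is expanded. The following script is an added example, not part of the sandbox report or of XWorm itself: it normalises the config into IOCs, drops the non-routable C2, keys the Telegram match on the numeric bot id only, and runs the result over constructed Sysmon-style events. The event field names and the %AppData%/%LocalAppData% expansion table are assumptions made for the demo.

```python
import ipaddress
import re
from urllib.parse import urlparse

# Values copied from the "Malware Config" section of this report.
EXTRACTED_CONFIG = {
    "family": "xworm",
    "c2": ["127.0.0.1:6000", "103.211.201.109:6000"],
    "install_directory": "%AppData%",
    "install_file": "XClient.exe",
    "telegram": "https://api.telegram.org/bot7929370892:AAGwrX5TeyxQidZdAEm_Z6-CDvPUOQzVY1M",
}

# Telegram Bot API paths look like /bot<numeric id>:<secret token>/<method>.
TELEGRAM_BOT_RE = re.compile(r"^/bot(\d+):([A-Za-z0-9_-]+)")

# Assumed expansions of the env-var style directories seen in XWorm configs.
ENV_DIR_SUFFIX = {
    "%appdata%": r"\AppData\Roaming",
    "%localappdata%": r"\AppData\Local",
}


def actionable_c2(entries):
    """Return (host, port) pairs worth alerting on. Loopback/private/unspecified
    addresses (here 127.0.0.1:6000) cannot be a remote C2 and are dropped rather
    than turned into a noisy rule; hostnames are kept for DNS-log hunting."""
    keep = []
    for entry in entries:
        host, _, port = entry.rpartition(":")
        try:
            ip = ipaddress.ip_address(host)
        except ValueError:
            keep.append((host, int(port)))
            continue
        if ip.is_loopback or ip.is_private or ip.is_unspecified:
            continue
        keep.append((host, int(port)))
    return keep


def telegram_bot_id(url):
    """Return the numeric bot id from a Bot API URL, or None if it is not one.
    The id is a stable, shareable indicator; the token after the colon is a live
    credential for the attacker's bot and must be stored and shared as a secret."""
    parsed = urlparse(url)
    if parsed.netloc.lower() != "api.telegram.org":
        return None
    m = TELEGRAM_BOT_RE.match(parsed.path)
    return m.group(1) if m else None


def install_path_suffix(cfg):
    """Path tail the dropped binary will have on disk, e.g. \\AppData\\Roaming\\XClient.exe."""
    base = ENV_DIR_SUFFIX.get(cfg["install_directory"].lower(), cfg["install_directory"])
    return base + "\\" + cfg["install_file"]


def build_iocs(cfg):
    return {
        "c2": actionable_c2(cfg["c2"]),
        "telegram_bot_id": telegram_bot_id(cfg["telegram"]),
        "install_path_suffix": install_path_suffix(cfg),
    }


def match_events(iocs, events):
    """Run the IOCs over Sysmon-like event dicts; returns (indicator, event) pairs."""
    hits = []
    c2 = set(iocs["c2"])
    path_re = re.compile(re.escape(iocs["install_path_suffix"]) + "$", re.IGNORECASE)
    for ev in events:
        if ev["type"] == "process" and path_re.search(ev["image"]):
            hits.append(("install_path", ev))
        elif ev["type"] == "network" and (ev["dst_ip"], ev["dst_port"]) in c2:
            hits.append(("c2", ev))
        elif ev["type"] == "http" and ev["host"] == "api.telegram.org":
            # Match on the bot id only, so the rule never has to carry the token.
            m = TELEGRAM_BOT_RE.match(ev["path"])
            if m and m.group(1) == iocs["telegram_bot_id"]:
                hits.append(("telegram_bot", ev))
    return hits


# Constructed telemetry for the demo; field names mimic Sysmon but these are not real logs.
SAMPLE_EVENTS = [
    {"type": "process", "image": r"C:\Users\bob\AppData\Roaming\XClient.exe"},
    {"type": "network", "dst_ip": "103.211.201.109", "dst_port": 6000},
    {"type": "network", "dst_ip": "127.0.0.1", "dst_port": 6000},          # placeholder C2, ignored
    {"type": "http", "host": "api.telegram.org",
     "path": "/bot7929370892:AAGwrX5TeyxQidZdAEm_Z6-CDvPUOQzVY1M/sendMessage"},
    {"type": "http", "host": "api.ipify.org", "path": "/"},               # external-IP lookup, too weak alone
    {"type": "process", "image": r"C:\Program Files\Git\bin\git.exe"},
]

if __name__ == "__main__":
    for name, ev in match_events(build_iocs(EXTRACTED_CONFIG), SAMPLE_EVENTS):
        print(f"{name:14} {ev}")
```

Running it reports three hits (the dropped binary under Roaming, the connection to 103.211.201.109:6000, and the Telegram call keyed on bot id 7929370892) and nothing for the loopback entry or the generic external-IP lookup, which is the triage you would want before shipping these values into a SIEM.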

Targets

    • Target

      938386b9f508c8d0c5cfe1a41248e2cbdf42fe29a93910598bd94bfee605159d

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

    • Xworm family

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP. Many RATs and some legitimate tools do the same, so this is a supporting signal rather than an indicator on its own.
