Overview

overview

10

Static

static

10

efc67571d4...51.exe

windows7-x64

10

efc67571d4...51.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    efc67571d4adc9ff916e5c21f28333b772accd2ed0cf974f293ec5ceb5b41651

  • Size

    54KB

  • Sample

    241101-yksrdaspht

  • MD5

    c9025b7c41ecf914e50db39dabb6e8ea

  • SHA1

    0ceb705e7ebc933c43fd272c2b6a7645d185d9d3

  • SHA256

    efc67571d4adc9ff916e5c21f28333b772accd2ed0cf974f293ec5ceb5b41651

  • SHA512

    ee996504616805b1c0bf905aed97bdec04642fce08043f371369e7d955d31dbc78895d159d424e074ebb4756e465e3b01afe044676b36a9305e4070d6d0e9d05

  • SSDEEP

    768:j9mCcisvRR+tnDJ/ZKUpM1QfkUWYGMgkb4hKANrbRnhyxIQtGO94l0O/hAWkhl0X:jiTEnDVlWYokb4hL0x7tGpGO/+d0X

Score
10/10
xwormrattrojan

Malware Config

Extracted

Family

xworm

C2

https://pastebin.com/raw/LWUHVqrD:48602480

Attributes
  • install_file

    USB.exe

  • pastebin_url

    https://pastebin.com/raw/LWUHVqrD

Targets

    • Target

      efc67571d4adc9ff916e5c21f28333b772accd2ed0cf974f293ec5ceb5b41651

    • Size

      54KB

    • MD5

      c9025b7c41ecf914e50db39dabb6e8ea

    • SHA1

      0ceb705e7ebc933c43fd272c2b6a7645d185d9d3

    • SHA256

      efc67571d4adc9ff916e5c21f28333b772accd2ed0cf974f293ec5ceb5b41651

    • SHA512

      ee996504616805b1c0bf905aed97bdec04642fce08043f371369e7d955d31dbc78895d159d424e074ebb4756e465e3b01afe044676b36a9305e4070d6d0e9d05

    • SSDEEP

      768:j9mCcisvRR+tnDJ/ZKUpM1QfkUWYGMgkb4hKANrbRnhyxIQtGO94l0O/hAWkhl0X:jiTEnDVlWYokb4hL0x7tGpGO/+d0X

    Score
    10/10
    xwormrattrojan

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

      trojanratxworm

    • Xworm family

      xworm

    • Legitimate hosting services abused for malware hosting/C2

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks