Overview

overview

10

Static

static

1

454ce3f4ae...2a.exe

windows7-x64

3

454ce3f4ae...2a.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    454ce3f4ae215b1412ba87e7f905c2cb33a2be013ebf1fc59d2ed26da7bd2e2a

  • Size

    44KB

  • Sample

    241102-1xsy1swnbz

  • MD5

    328234ba79d14ca9b1c8fb9de34c03a5

  • SHA1

    4a6fad811f28db47915b8cb15a2ff0e827fd7087

  • SHA256

    454ce3f4ae215b1412ba87e7f905c2cb33a2be013ebf1fc59d2ed26da7bd2e2a

  • SHA512

    7a12e917a99d6111c5d2d08e3f7593b3ebf54566d8b58879173b8fa20d1aa139c91ae5e1c2fa6a997f40de4b755031988861aaf0e5ca1f323d0b62fa9b171c3b

  • SSDEEP

    768:YCaQsurMj+c5tuwsxYhosVWTDphNLD1VWTDRVEV3GPkjHVWTDphNLD1VWTDRVEVh:hNcwwsxmo2UdHvUFOEGUdHvUFOEW

Score
10/10
xwormdiscoveryrattrojan

Malware Config

Extracted

Family

xworm

Version

5.0

C2

172.94.18.237:8888

Mutex

9HHcJsNTVQBaXsFM

Attributes
  • install_file

    USB.exe

  • telegram

    https://api.telegram.org/bot7282855399:AAGXhAziEUJIDGOiZlvBLXUoWfRcecAxFWE/sendMessage?chat_id=5602109141

aes.plain

Targets

    • Target

      454ce3f4ae215b1412ba87e7f905c2cb33a2be013ebf1fc59d2ed26da7bd2e2a

    • Size

      44KB

    • MD5

      328234ba79d14ca9b1c8fb9de34c03a5

    • SHA1

      4a6fad811f28db47915b8cb15a2ff0e827fd7087

    • SHA256

      454ce3f4ae215b1412ba87e7f905c2cb33a2be013ebf1fc59d2ed26da7bd2e2a

    • SHA512

      7a12e917a99d6111c5d2d08e3f7593b3ebf54566d8b58879173b8fa20d1aa139c91ae5e1c2fa6a997f40de4b755031988861aaf0e5ca1f323d0b62fa9b171c3b

    • SSDEEP

      768:YCaQsurMj+c5tuwsxYhosVWTDphNLD1VWTDRVEV3GPkjHVWTDphNLD1VWTDRVEVh:hNcwwsxmo2UdHvUFOEGUdHvUFOEW

    Score
    10/10
    discoveryxwormrattrojan

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

      trojanratxworm

    • Xworm family

      xworm

    • Legitimate hosting services abused for malware hosting/C2

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks