Overview

overview

10

Static

static

10

output8716.exe

windows10-ltsc 2021-x64

10

output8716.exe

windows11-21h2-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    output8716.exe

  • Size

    45KB

  • Sample

    241103-3v89bszrfm

  • MD5

    411f6cdfdf49c7313e69d6bfa2096cc6

  • SHA1

    66dbee1fd472acf6e91c7f6be9ba06fd858cebbb

  • SHA256

    2a81809c09f403507cae4b402b3eebe0113e5f1897502aa1d4f256ee220371a2

  • SHA512

    f6d7b1fda8ee901e2ca5ebcdf9b8fca58b25fabacea376f463c61dc9114d2078b212c160a250c2caeb8d2f81a3eb749b81819c2561b54f8a3e128e017bc7d797

  • SSDEEP

    768:XurlDweV3OOVbADM9W1v9NfgkBpuAuREcNcl6lVvD4xeVhKfkgLbFEPa9pvOR6iL:XADweQKADMkV9GkSAcRa0lZrOD/FJ9NM

Score
10/10
xwormrattrojan

Malware Config

Extracted

Family

xworm

Version

5.0

C2

map-casio.gl.at.ply.gg:57345

Mutex

bHwR6WxR0s3rWvJq

Attributes
  • Install_directory

    %Public%

  • install_file

    XClient.exe

aes.plain

Targets

    • Target

      output8716.exe

    • Size

      45KB

    • MD5

      411f6cdfdf49c7313e69d6bfa2096cc6

    • SHA1

      66dbee1fd472acf6e91c7f6be9ba06fd858cebbb

    • SHA256

      2a81809c09f403507cae4b402b3eebe0113e5f1897502aa1d4f256ee220371a2

    • SHA512

      f6d7b1fda8ee901e2ca5ebcdf9b8fca58b25fabacea376f463c61dc9114d2078b212c160a250c2caeb8d2f81a3eb749b81819c2561b54f8a3e128e017bc7d797

    • SSDEEP

      768:XurlDweV3OOVbADM9W1v9NfgkBpuAuREcNcl6lVvD4xeVhKfkgLbFEPa9pvOR6iL:XADweQKADMkV9GkSAcRa0lZrOD/FJ9NM

    Score
    10/10
    xwormrattrojan

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

      trojanratxworm

    • Xworm family

      xworm

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks