General

  • Target

    a16dfd5a9f62ca6480568f9e3e6a9a0b070cb5a82029dbad87a8df4823f8c371.exe

  • Size

    36KB

  • Sample

    241103-d2k3mstejc

  • MD5

    fccff79af62a4c34fdf4afb410fbaf86

  • SHA1

    7fc71ef7fb4aa436b93ec4b6a825fee64501460f

  • SHA256

    a16dfd5a9f62ca6480568f9e3e6a9a0b070cb5a82029dbad87a8df4823f8c371

  • SHA512

    16984aed999d32117a0afd9348b5bb12ee9abfec6a8ac2a4efdc494b93924048e42f145d1b8a99232f90d832aa22d4e6d9145aac3ff44e47648e1d5eef6e8d8e

  • SSDEEP

    384:1HqouAgAkffHnjuNWoAgLWanS3FLZcWzWCX+280wpkFMAfNLT2OZwxcV2v99IkH6:VzuAinEWaRC4QFm9YkOMh1kGq

Score
10/10

Malware Config

Extracted

Family

xworm

Version

5.0

Mutex

aq3Fac3Pq9GHgZuk

Attributes
  • install_file

    USB.exe

  • pastebin_url

    https://pastebin.com/raw/juxAi7cy

aes.plain

Targets

    • Target

      a16dfd5a9f62ca6480568f9e3e6a9a0b070cb5a82029dbad87a8df4823f8c371.exe

    Score
    10/10
    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

    • Xworm family

    • Legitimate hosting services abused for malware hosting/C2
