Overview

overview

10

Static

static

3

0f659dec72...33.exe

windows7-x64

10

0f659dec72...33.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    0f659dec7213d244ebd6fb42cf85981b6a55e91b7f4d1db1dbfa9e21c9d7e633

  • Size

    100KB

  • Sample

    241103-yg26mssepe

  • MD5

    e56c93a71f5733ebc322a33658d19822

  • SHA1

    dbfc91851cffa4dcc8ef2bd394f14e7e9d3da139

  • SHA256

    0f659dec7213d244ebd6fb42cf85981b6a55e91b7f4d1db1dbfa9e21c9d7e633

  • SHA512

    edc74826f32c148484509af0e4b8f55d66e16b10cb52d0ec2c43342d215ecee873fba7a56a8f2b43d133d2057e273d70b60d44e1fcf5376733a666bc701a859f

  • SSDEEP

    1536:bEOwgFowSgnVVVHzExnAdgVxDSMnEiqIYdfi/GExtulSpn:4rwanDVxjqdIntulS

Score
10/10
xwormdiscoveryrattrojan

Malware Config

Extracted

Family

xworm

Version

3.1

C2

127.0.0.1:7000

Attributes
  • install_file

    USB.exe

Targets

    • Target

      0f659dec7213d244ebd6fb42cf85981b6a55e91b7f4d1db1dbfa9e21c9d7e633

    • Size

      100KB

    • MD5

      e56c93a71f5733ebc322a33658d19822

    • SHA1

      dbfc91851cffa4dcc8ef2bd394f14e7e9d3da139

    • SHA256

      0f659dec7213d244ebd6fb42cf85981b6a55e91b7f4d1db1dbfa9e21c9d7e633

    • SHA512

      edc74826f32c148484509af0e4b8f55d66e16b10cb52d0ec2c43342d215ecee873fba7a56a8f2b43d133d2057e273d70b60d44e1fcf5376733a666bc701a859f

    • SSDEEP

      1536:bEOwgFowSgnVVVHzExnAdgVxDSMnEiqIYdfi/GExtulSpn:4rwanDVxjqdIntulS

    Score
    10/10
    xwormdiscoveryrattrojan

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

      trojanratxworm

    • Xworm family

      xworm

    • Executes dropped EXE

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks