General

  • Target

    Code Stealer King.exe

  • Size

    362KB

  • Sample

    241104-g4h8lswbmg

  • MD5

    fca35ebbd101177aeeb22771f19ce660

  • SHA1

    e4458983b396d9f009216ccbd8214311204c2d42

  • SHA256

    ff984e86a415db21ebef7396d3b0d46884300a3b69d3ae4626a3b7dff7ebdbf7

  • SHA512

    36ab1b2e2153dda5e8bf40aeb96f6ae31721f78a29161222d38975f355f003f1ec493e2adfcd2d06be876408a65ff55ba82ed8fc6c3584fe9329d968630a5b92

  • SSDEEP

    6144:0yr8TSA5BssGOE33CFi5f/+3I3x4Hdtj+i3cqA5rGI5/4OTy6zccBamnLoqPdRiy:0RT15B1GOa3C4ZAQ6HdtHpAQI5/4XUBL

  • Score

    10/10

Malware Config

Extracted

Family

xworm

C2

147.185.221.21:27938

Attributes

  • Install_directory

    %Userprofile%

  • install_file

    svchost.exe

  • telegram

    https://api.telegram.org/bot6575053517:AAHfQSqLTvzOajvn1QldlaGUVj-u9hK2upc/sendMessage?chat_id=7492036336

Targets

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

    • Xworm family

    • Executes dropped EXE

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks