General

  • Target

    ca499aa6e07866d66b5a5c094b183e81bc56d92a6caaf202da6c520437c93cc8

  • Size

    58KB

  • Sample

    241105-ecrdssvbrp

  • MD5

    469b78eefebb0c3f12c842b4f323de93

  • SHA1

    a54fc77abf4dae800de294f2431cf5150d01e877

  • SHA256

    ca499aa6e07866d66b5a5c094b183e81bc56d92a6caaf202da6c520437c93cc8

  • SHA512

    45f98e88285f4f6b5cc1bb696110499c54db6a0ac58b0c33c9c90fe4c66009b8fec71711371e80db532183a6dec416787e84ee0b26f9017d8b41fee2b803cdd6

  • SSDEEP

    768:x7MZ4sXKZQmh8kx7j8WjS51zgLF4fg7tr8K/YoCrjq0KQXdNsOPAufXZjfrC/1UQ:fsdmh8K7jrO5d2gRpKWNtP3/ZjzvD

Malware Config

Extracted

Family

xworm

C2

materials-defects.gl.at.ply.gg:39616

Mutex

rIuGGTci5WjqsMOs

Attributes
  • install_file

    USB.exe

  • aes.plain

Targets

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

    • Xworm family

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL
