Overview

overview

10

Static

static

10

2024-11-06...ar.exe

windows7-x64

10

2024-11-06...ar.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2024-11-06_e37f07972d52cdb34edc686d6bea43c9_hiddentear

  • Size

    130KB

  • Sample

    241106-kbhcdswhpe

  • MD5

    e37f07972d52cdb34edc686d6bea43c9

  • SHA1

    0a8fe26602dff689807f62d390e142725b225bf9

  • SHA256

    04e7a61270808729b5f86f0c56d18e54a2f716d2e11ad9da358168b4f6e47266

  • SHA512

    97f7913da41f14008f16f62d1a59f141bcc9fc34c44e0bcd2d954887b237d96dd509c037ca38c82ff98fece2081e53a2672ea5d270a9c636c7000569f44c0758

  • SSDEEP

    3072:fd9KIAFE9jpOj4M+lmsolAIrRuw+mqv9j1MWLQI:fUE9s+lDAA

Score
10/10
latentbotxwormrattrojan

Malware Config

Extracted

Family

xworm

Version

5.0

C2

helloworld22.zapto.org:7001

Mutex

bulQIY3oCXFLsk45

Attributes
  • install_file

    USB.exe

aes.plain

Extracted

Family

latentbot

C2

helloworld22.zapto.org

Targets

    • Target

      2024-11-06_e37f07972d52cdb34edc686d6bea43c9_hiddentear

    • Size

      130KB

    • MD5

      e37f07972d52cdb34edc686d6bea43c9

    • SHA1

      0a8fe26602dff689807f62d390e142725b225bf9

    • SHA256

      04e7a61270808729b5f86f0c56d18e54a2f716d2e11ad9da358168b4f6e47266

    • SHA512

      97f7913da41f14008f16f62d1a59f141bcc9fc34c44e0bcd2d954887b237d96dd509c037ca38c82ff98fece2081e53a2672ea5d270a9c636c7000569f44c0758

    • SSDEEP

      3072:fd9KIAFE9jpOj4M+lmsolAIrRuw+mqv9j1MWLQI:fUE9s+lDAA

    Score
    10/10
    latentbotxwormrattrojan

    • Detect Xworm Payload

    • LatentBot

      Modular trojan written in Delphi which has been in-the-wild since 2013.

      trojanlatentbot

    • Latentbot family

      latentbot

    • Xworm

      Xworm is a remote access trojan written in C#.

      trojanratxworm

    • Xworm family

      xworm
    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks