Overview

overview

10

Static

static

10

2180-1-0x0...ry.exe

windows7-x64

2180-1-0x0...ry.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2180-1-0x00000000002F0000-0x000000000075A000-memory.dmp

  • Size

    4.4MB

  • Sample

    241106-vbld6avarm

  • MD5

    5df7a3201da0da17e30ba3e59cd95a48

  • SHA1

    d53433eca9121359d50180d92c68944d00dd56e6

  • SHA256

    cbf8d272e5e3b70d90186e5cd47523afbd7fc2a20003928c90f23bdb761ffb29

  • SHA512

    3958bf5c1a75f61e633451e6ccfb41cf636230ac3dea45408712e6414040684cd1cff306316d6592cadab95153bdf75551cd4fdcc9055b386222b8a9e60c2a67

  • SSDEEP

    98304:+KoJ0hutMmvZiOJqzhdatyXJDn+ZoJVZUiMd7+FttcWOtojJ:+nZZ+dagXJr5TZUb+/yfqV

Score
10/10
xwormrattrojan

Malware Config

Extracted

Family

xworm

Version

5.0

C2

127.0.0.1:8938

Mutex

rrUYjJlOwwu2jjkk

Attributes
  • install_file

    USB.exe

aes.plain

Targets

    • Target

      2180-1-0x00000000002F0000-0x000000000075A000-memory.dmp

    • Size

      4.4MB

    • MD5

      5df7a3201da0da17e30ba3e59cd95a48

    • SHA1

      d53433eca9121359d50180d92c68944d00dd56e6

    • SHA256

      cbf8d272e5e3b70d90186e5cd47523afbd7fc2a20003928c90f23bdb761ffb29

    • SHA512

      3958bf5c1a75f61e633451e6ccfb41cf636230ac3dea45408712e6414040684cd1cff306316d6592cadab95153bdf75551cd4fdcc9055b386222b8a9e60c2a67

    • SSDEEP

      98304:+KoJ0hutMmvZiOJqzhdatyXJDn+ZoJVZUiMd7+FttcWOtojJ:+nZZ+dagXJr5TZUb+/yfqV

    Score
    10/10
    xwormrattrojan

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

      trojanratxworm

    • Xworm family

      xworm
    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks