General

  • Target

    freerobux.exe

  • Size

    300KB

  • Sample

    241108-xv6wbaxfpa

  • MD5

    271deddfd2e90b39dfd1f4990338f1ca

  • SHA1

    b3f52883fdc471b35d21eeb7c99b42cbe16da16d

  • SHA256

    765cc7c9a8a553a1aee84ce84cdcc4706cc73d84c49b2c354ce864d53cbdba40

  • SHA512

    114d6e3a2106b16250ac0865dda14c6f9b8444b931c2fa749e84fca22ce6320ce3edeb07dc1dabf5a4dd02ae8a8e90ee737447f8bc012ea1d5020856105440a2

  • SSDEEP

    3072:ehWu6gKlGmaC4CN8KI7inGK1uUg9SaJSgQ6pCtiFCz4:

Score
10/10

Malware Config

Extracted

Family

xworm

C2

23.ip.gl.ply.gg:7000

Attributes
  • Install_directory

    %Public%

  • install_file

    svchost.exe

Targets

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

    • Xworm family

    • Executes dropped EXE

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
