General

  • Target: d0bfdd6edc8dcadd18684351edbd1c517d1bf16645efa8ab7c42cf6c831307e8.exe
  • Size: 292KB
  • Sample: 241109-d7ykxszjer
  • MD5: a6af62488d46c4546b3b9db4ce117ea6
  • SHA1: ee3fbb6d6490450500ce960fa311f4582ec16b99
  • SHA256: d0bfdd6edc8dcadd18684351edbd1c517d1bf16645efa8ab7c42cf6c831307e8
  • SHA512: e1af114a25882a1dd1691ffca31f9bf263b6264b45b06cb2c90ea7d9229c66b43ea232f9c7c2daaf8b5bc173bd65e7cdfe5927d4d7ec3f0531ef74b2da6edae7
  • SSDEEP: 3072:CbpkJuuEpKi6m/PJivSaAFOg7lkjcWVig058YbEASbod9bt/:C

Score
10/10

Malware Config

Extracted

  • Family: xworm
  • C2: 23.ip.gl.ply.gg:7000

Attributes

  • Install_directory: %Public%
  • install_file: svchost.exe

Targets

    • Detect Xworm Payload
    • Xworm: Xworm is a remote access trojan written in C#.
    • Xworm family
    • Executes dropped EXE
    • Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
