General

  • Target

    7245244c75276269f56cce5f81194681a881d4746a7abec6807f28a19b04ba66.exe

  • Size

    703KB

  • Sample

    241109-deex4swcne

  • MD5

    951a32aa2dc318f958f6343a90520b9a

  • SHA1

    c54777ef2b539737582b700935beb4d09da9eaf2

  • SHA256

    7245244c75276269f56cce5f81194681a881d4746a7abec6807f28a19b04ba66

  • SHA512

    25fade9e618fc12220863fea258cb9b00ea6e3459c5d66e0951b3ee8d846fb33259160d1b826f58589c003593961652ecaaf252aadbeaf5371f8ee888a211547

  • SSDEEP

    12288:vp4ZLalVqAJVLBNAliYOapsNlW3R5rad8pz4U1tF5qBsy7BnX+uUnsAS:v+Z2/rJjNAliYOBMrE8GUaBsyNXmF

Malware Config

Extracted

Family

xworm

Version

5.0

C2

87.120.117.209:7000

Mutex

U2y4hALpuDGJOJr0

Attributes
  • install_file

    USB.exe

aes.plain

Targets


    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

    • Xworm family

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15