General

  • Target: Loaded GUI SUPER X GODDOM.exe
  • Size: 15.8MB
  • Sample: 241109-krvmnazrgy
  • MD5: 122c870b4666083d8672bc45c79db494
  • SHA1: c8a1b264e6178bb4cf52d022238899036e94574e
  • SHA256: 11af9ee8c345dd8c529ac2ec08ac51129531edb0cfd1fa5a580a36c642502163
  • SHA512: 23a0c79a6507c001d4d656d44a7784715d28e6c5c9716923e9f384b7875f53501fbab397014c3686486689ea33168773bf69af30c3c01fe7f931a65d29da2833
  • SSDEEP: 393216:MNBDE4WXRLTfyXE/rEmkNInlv8K/HSTYwEX9mr4BGk/2uXj:MNJE4Yr+E/rR19xOYwFI+

Malware Config

Extracted

  • Family: xworm
  • Version: 5.0
  • C2: client-toilet.gl.at.ply.gg:29921
  • Mutex: NvsfH1XO1syyGREn
  • Attributes
    • Install_directory: %AppData%
    • install_file: XClient.exe
  • aes.plain

Targets

    • Target: Loaded GUI SUPER X GODDOM.exe

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

    • Xworm family

    • Checks computer location settings

      Looks up the country code configured in the registry; likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks