General

  • Target

    test2.exe

  • Size

    55KB

  • Sample

    241109-mb4lqs1rcv

  • MD5

    08937179fe05585b1022f353822f5800

  • SHA1

    0e819ef45fba856c83f0c4395d5ee98779a6c457

  • SHA256

    a463af54be05508515f9b72b9d9e9f6cf27bbc8cb39e69169f4ec926bc7af666

  • SHA512

    8cb0c37a33d8fe6efd6266576f67ac45122f82ede53b513daec197a06b42aabc79b25d7cee7b8587f624cb00f3e08e62c1e24b63144c6979f7d96aabd16a1dbe

  • SSDEEP

    1536:A22xM7y1Vhg4ZDPbETtJ/aBs6zGkO1OvMLW:LLeZPbETtUBZGkO1ekW

Malware Config

Extracted

Family

xworm

C2

0.tcp.ap.ngrok.io:12725

Attributes

  • Install_directory

    %Public%

  • install_file

    hh.exe

Targets

    • Target

      test2.exe

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

    • Xworm family

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15