General

  • Target

    468a5e025514fd974528d09e6bbef2d90b64c82cb99a7e849c8dc6ef09c2df1a

  • Size

    293KB

  • Sample

    241110-12c4cswjhx

  • MD5

    857bfacd75f6fce15633c5c7d5e505c0

  • SHA1

    90eb6c2c7deecfa9a543f498ae32cc7229ed029e

  • SHA256

    468a5e025514fd974528d09e6bbef2d90b64c82cb99a7e849c8dc6ef09c2df1a

  • SHA512

    fcbb982c1e8301994054caf4fb887b4cce7e3c7ff514d9927cc2c542e5842edd588f8d00e279d89d5d606b6fb275bfb81a9ceae69dac74fc0b947eef763bfe84

  • SSDEEP

    3072:GpkJuuEpKi6m/PJivSaAFOg7lkjcWVig058YbEASbod9btx:

Score
10/10

Malware Config

Extracted

Family

xworm

C2

23.ip.gl.ply.gg:7000

Attributes

  • Install_directory

    %Public%

  • install_file

    svchost.exe

Targets

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

    • Xworm family

    • Executes dropped EXE

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
