General

  • Target

    XBinderOutput.exe

  • Size

    61KB

  • Sample

    241110-jajnds1ras

  • MD5

    be47b3d2e81e3fbae1e8034caa6e4b81

  • SHA1

    612e0a8881176d9b7a74ae9653ed48a180221a0d

  • SHA256

    dc55486f92004381b246358ee4a1fa94359258dea19d9f600bf1d4a3a1f05cef

  • SHA512

    9edef77118aa36224f03f04135152a3afbd83e80166f8e8461ab7c02ed32ed505fa4c5c26a623a4b57472d59f2e947ef878c00798382d2c6b1a1c0ac1b5678cd

  • SSDEEP

    1536:SWBJbLzKbbUbMGhwEhlo1o4mDH2P4QoM9F:xJbcUwGiEf4mDH2AQoM9F

Malware Config

Extracted

Family

xworm

C2

about-publishing.gl.at.ply.gg:49157

Attributes

  • Install_directory

    %AppData%

  • install_file

    update.exe

Targets

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

    • Xworm family

    • Executes dropped EXE

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15
