Overview

overview

10

Static

static

10

8ede82663c...0N.exe

windows7-x64

10

8ede82663c...0N.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    8ede82663c5217559cb1d93800f776da29c3956bd88374e4050b4bb640c8c780N

  • Size

    344KB

  • Sample

    241110-m335aawblb

  • MD5

    29f1b2d4666c3b774d4a4a5306563430

  • SHA1

    049060d0a9ccbc7012941a503beed9c925d4aff1

  • SHA256

    8ede82663c5217559cb1d93800f776da29c3956bd88374e4050b4bb640c8c780

  • SHA512

    d99ea9256618614345c8b54c4ae8ed9444cad03597d850927b264abc299238874127616d32abbfed8f94113c0309823ce2b41138af0a677cb3fac04a6cbc6721

  • SSDEEP

    3072:PQYURt5I3bswN8rFAdMO0xAZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZ+ZZZZZ6:lBbns+GIIIIIIIhIIIIIIIIIIIIIIIU

Score
10/10
xwormrattrojan

Malware Config

Extracted

Family

xworm

C2

127.0.0.1:9999

Attributes
  • Install_directory

    %Temp%

  • install_file

    Steam.exe

Targets

    • Target

      8ede82663c5217559cb1d93800f776da29c3956bd88374e4050b4bb640c8c780N

    • Size

      344KB

    • MD5

      29f1b2d4666c3b774d4a4a5306563430

    • SHA1

      049060d0a9ccbc7012941a503beed9c925d4aff1

    • SHA256

      8ede82663c5217559cb1d93800f776da29c3956bd88374e4050b4bb640c8c780

    • SHA512

      d99ea9256618614345c8b54c4ae8ed9444cad03597d850927b264abc299238874127616d32abbfed8f94113c0309823ce2b41138af0a677cb3fac04a6cbc6721

    • SSDEEP

      3072:PQYURt5I3bswN8rFAdMO0xAZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZ+ZZZZZ6:lBbns+GIIIIIIIhIIIIIIIIIIIIIIIU

    Score
    10/10
    xwormrattrojan

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

      trojanratxworm

    • Xworm family

      xworm

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks