General

  • Target

    NEXUS MULTI TOOL CB V2.exe

  • Size

    232KB

  • Sample

    241110-qq43laxeqp

  • MD5

    fdd20779b1be9cababe4aa6f5890c0cb

  • SHA1

    33dc61b1fdd8cf886b5eb897d41b8b4f16aace70

  • SHA256

    8a7e5d36b08e238e067bd6ca7e7ef4d3d76a73b690a389cd46b77542d36b49f1

  • SHA512

    3c2d2193cf77df541a043204a22e51fa5477cc41b2de72039b275860e298027d2154f954cc2086768fb4b6c24eaa356742a52d5749c3dba313f2830137f2ad63

  • SSDEEP

    6144:mpj7RlW3E+HvNn60YIeZj34lzYffRr80cluBi9:APfkVw3kY327ii9

Score
10/10

Malware Config

Extracted

Family

xworm

C2

person-bedford.gl.at.ply.gg:99

147.185.221.23:99

Attributes
  • Install_directory

    %Userprofile%

  • install_file

    USB.exe

  • telegram

    https://api.telegram.org/bot7517837255:AAFFYwsM3RAJTfnCWwagMLHeBQRG-F4UScg/sendMessage?chat_id=7538845070

Targets

    • Target

      NEXUS MULTI TOOL CB V2.exe

    Score
    10/10
    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

    • Xworm family

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely to geofence execution by region.

    • Executes dropped EXE

    • Looks up external IP address via web service

      Contacts a legitimate public IP-lookup service to learn the infected system's external IP address.
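The script below is an added example and is not part of the sandbox report or of any Xworm tooling. It turns the extracted config (C2 host and socket, install directory and file, Telegram bot URL) and the "external IP lookup" signature into hunt logic: it derives indicators, runs them over network log lines and checks candidate file paths and file bytes. The log lines are constructed here, the IP-lookup host list is an assumption (the page names no specific service), and translating `%Userprofile%` to `<drive>:\Users\<name>` is a convention of current Windows, not something the page states.

```python
import hashlib
import re
from urllib.parse import parse_qs, urlsplit

# Config values copied from the extracted-config section of this report.
XWORM_CONFIG = {
    "c2": ["person-bedford.gl.at.ply.gg:99", "147.185.221.23:99"],
    "install_directory": "%Userprofile%",
    "install_file": "USB.exe",
    "telegram": ("https://api.telegram.org/bot7517837255:"
                 "AAFFYwsM3RAJTfnCWwagMLHeBQRG-F4UScg/sendMessage?chat_id=7538845070"),
}
SAMPLE_SHA256 = "8a7e5d36b08e238e067bd6ca7e7ef4d3d76a73b690a389cd46b77542d36b49f1"

# Assumption: common public IP-lookup services. The report only says the sample
# used "a legitimate IP lookup service" and does not name it.
IP_LOOKUP_HOSTS = {"api.ipify.org", "icanhazip.com", "ifconfig.me", "checkip.amazonaws.com"}

IPV4 = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")
IPV4_PORT = re.compile(r"(\d{1,3}(?:\.\d{1,3}){3}):(\d+)")


def indicators(cfg):
    """Flatten the extracted config into matchable indicators."""
    ind = {"hosts": set(), "ips": set(), "ports": set()}
    for c2 in cfg["c2"]:
        host, _, port = c2.rpartition(":")
        ind["ports"].add(int(port))
        (ind["ips"] if IPV4.fullmatch(host) else ind["hosts"]).add(host.lower())

    # Telegram exfil: key on the numeric bot ID and chat_id, not the full token.
    url = urlsplit(cfg["telegram"])
    bot = re.match(r"/bot(\d+):", url.path)
    ind["telegram_bot_id"] = bot.group(1) if bot else None
    ind["telegram_chat_id"] = parse_qs(url.query).get("chat_id", [None])[0]

    # Assumption: %Userprofile% resolves to <drive>:\Users\<name> on current Windows.
    base = cfg["install_directory"].lower()
    base_re = r"[a-z]:\\users\\[^\\]+" if base == "%userprofile%" else re.escape(base)
    ind["install_path"] = re.compile(
        "^" + base_re + r"\\" + re.escape(cfg["install_file"].lower()) + "$")
    return ind


def scan_network_log(lines, ind):
    """Return (line_number, [reasons]) for lines touching config-derived indicators."""
    hits = []
    for n, line in enumerate(lines, 1):
        low = line.lower()
        reasons = [f"c2 host {h}" for h in ind["hosts"] if h in low]
        # The bare IP is matched only together with the configured port: the
        # hostname belongs to a tunnelling service, so the address is assumed
        # to be shared with unrelated tunnels on other ports.
        for m in IPV4_PORT.finditer(line):
            if m.group(1) in ind["ips"] and int(m.group(2)) in ind["ports"]:
                reasons.append(f"c2 socket {m.group(0)}")
        if "api.telegram.org" in low and f"/bot{ind['telegram_bot_id']}:" in line:
            reasons.append("telegram exfil via configured bot")
        if any(h in low for h in IP_LOOKUP_HOSTS):
            reasons.append("external IP lookup (weak, context only)")
        if reasons:
            hits.append((n, reasons))
    return hits


def is_install_path(path, ind):
    """True if a file path matches the configured drop location (case-insensitive)."""
    return bool(ind["install_path"].match(path.lower()))


def matches_sample(data):
    """True if the given bytes hash to the SHA256 reported for this sample."""
    return hashlib.sha256(data).hexdigest() == SAMPLE_SHA256


IND = indicators(XWORM_CONFIG)

# Constructed log lines for demonstration; not captured from the sandbox run.
SAMPLE_LOG = [
    "2024-11-10T12:01:03Z dns  src=10.0.0.12 q=person-bedford.gl.at.ply.gg",
    "2024-11-10T12:01:04Z conn src=10.0.0.12 dst=147.185.221.23:99 proto=tcp",
    "2024-11-10T12:01:08Z http src=10.0.0.12 host=api.ipify.org path=/",
    "2024-11-10T12:01:09Z http src=10.0.0.12 host=api.telegram.org path=/bot7517837255:REDACTED/sendMessage",
    "2024-11-10T12:02:00Z conn src=10.0.0.7  dst=147.185.221.23:443 proto=tcp",
]

if __name__ == "__main__":
    for n, reasons in scan_network_log(SAMPLE_LOG, IND):
        print(n, "; ".join(reasons))
    print("drop path hit:", is_install_path(r"C:\Users\alice\USB.exe", IND))
```

The fifth constructed line shows the intended behaviour of the socket rule: the same address on port 443 is not flagged, because only the host:port pair from the config is treated as a C2 indicator. The IP-lookup match is deliberately reported as weak, since legitimate software queries those services too; it is useful only alongside the C2 or Telegram hits from the same source host.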

MITRE ATT&CK Enterprise v15

Tasks