Overview

overview

10

Static

static

3

bqkriy6l.exe

windows7-x64

10

bqkriy6l.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    bqkriy6l.exe

  • Size

    1.4MB

  • Sample

    241110-sjw5hsygrn

  • MD5

    72a6fe522fd7466bf2e2ac9daf40a806

  • SHA1

    b0164b9dfee039798191de85a96db7ac54538d02

  • SHA256

    771d0ba5b4f3b2d1c6d7a5ebe9b395e70e3d125540c28f1a0c1f80098c6775ce

  • SHA512

    b938a438e14458120316581cb1883579a2ce7f835b52f4ab1cde33aa85febcad11f8a8b0a23fb9a8acafa774fe9cbd1c804a02fd8e6f5d8df60924c351f0126e

  • SSDEEP

    24576:9lh9OZjjhYvYjQJABLaR5nyAMqIvGPSFyPHCA2c8UkHBSDzJ4u:fhwZjjhYvYTLaPy+IvG6FHAk8DzJ4u

Score
10/10
xwormdiscoveryrattrojan

Malware Config

Extracted

Family

xworm

Version

5.0

C2

38.180.203.11:1010

Mutex

LE5ccvPhTtoUBuJ2

Attributes
  • install_file

    USB.exe

aes.plain

Targets

    • Target

      bqkriy6l.exe

    • Size

      1.4MB

    • MD5

      72a6fe522fd7466bf2e2ac9daf40a806

    • SHA1

      b0164b9dfee039798191de85a96db7ac54538d02

    • SHA256

      771d0ba5b4f3b2d1c6d7a5ebe9b395e70e3d125540c28f1a0c1f80098c6775ce

    • SHA512

      b938a438e14458120316581cb1883579a2ce7f835b52f4ab1cde33aa85febcad11f8a8b0a23fb9a8acafa774fe9cbd1c804a02fd8e6f5d8df60924c351f0126e

    • SSDEEP

      24576:9lh9OZjjhYvYjQJABLaR5nyAMqIvGPSFyPHCA2c8UkHBSDzJ4u:fhwZjjhYvYTLaPy+IvG6FHAk8DzJ4u

    Score
    10/10
    xwormdiscoveryrattrojan

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

      trojanratxworm

    • Xworm family

      xworm

    • Drops startup file

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks