Overview

overview

10

Static

static

10

SolaraV3.exe

windows10-ltsc 2021-x64

10

SolaraV3.exe

windows11-21h2-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    SolaraV3.exe

  • Size

    34KB

  • Sample

    241112-mkgtbszkh1

  • MD5

    8422d88748d18b97e51f59777cab8f3a

  • SHA1

    c51ef13b6818b941ec78254e05b3c01fe48ed2a9

  • SHA256

    12928a29b6e233035892e9d030a70484bc116904c8dd232338c61cf7345ca3fa

  • SHA512

    397d6c135db7eb8585663387965fa32553e540815352bf0ce3bb7ada50274fef1d8d2683a9e3dd232e58b2fa585c8895d05ace53fa871b02c401f1f3b7a1f5e7

  • SSDEEP

    384:IxaXVqG28uymzhzUuHnOmYxLm97CwvHixdTX2VR8pkFTBLTIZwYGDcvw9Ikuisz:QaXUzPi9w7C4C+V9FZ9jktOjhl/kw

Score
10/10
xwormrattrojan

Malware Config

Extracted

Family

xworm

Version

5.0

C2

127.0.0.1:37380

23.ip.gl.ply.gg:37380
Mutex

xJJiRv40ppRvp0mk

Attributes
  • Install_directory

    %AppData%

  • install_file

    svhost.exe

aes.plain

Targets

    • Target

      SolaraV3.exe

    • Size

      34KB

    • MD5

      8422d88748d18b97e51f59777cab8f3a

    • SHA1

      c51ef13b6818b941ec78254e05b3c01fe48ed2a9

    • SHA256

      12928a29b6e233035892e9d030a70484bc116904c8dd232338c61cf7345ca3fa

    • SHA512

      397d6c135db7eb8585663387965fa32553e540815352bf0ce3bb7ada50274fef1d8d2683a9e3dd232e58b2fa585c8895d05ace53fa871b02c401f1f3b7a1f5e7

    • SSDEEP

      384:IxaXVqG28uymzhzUuHnOmYxLm97CwvHixdTX2VR8pkFTBLTIZwYGDcvw9Ikuisz:QaXUzPi9w7C4C+V9FZ9jktOjhl/kw

    Score
    10/10
    xwormrattrojan

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

      trojanratxworm

    • Xworm family

      xworm

    • Drops startup file

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks