Overview

overview

10

Static

static

3

75a551d009...04.exe

windows7-x64

10

75a551d009...04.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    75a551d009cab61896d99174e5bd0e8fa1918f25a5f8e8dfc012ecff29bd1804

  • Size

    450KB

  • Sample

    241113-3cmbva1ejh

  • MD5

    78371fec766abeea44a21976d2c45dbd

  • SHA1

    894148a87d832de1621d51ce0f19d88fa50d067c

  • SHA256

    75a551d009cab61896d99174e5bd0e8fa1918f25a5f8e8dfc012ecff29bd1804

  • SHA512

    1aca30e1317573c7dd34fb9fd62ab174d022ac5f425450c740f2eabe00cc339f5a5dfcb10b492116fdb99d8e8b3f40ac733004c08b9aa41930ba478e421e5572

  • SSDEEP

    6144:WKcaBvV8VqQIX6p1YNFWYZinXFWUnA0RRrZKg9oNBWdCblnUN+KTMnFri:WnQv+b1YSFdg9iQwG+

Score
10/10
xwormpersistencerattrojan

Malware Config

Extracted

Family

xworm

Version

5.0

C2

104.234.114.133:1188

Mutex

KDTXz0km6agBYGv2

Attributes
  • Install_directory

    %AppData%

  • install_file

    system.exe

aes.plain

Targets

    • Target

      75a551d009cab61896d99174e5bd0e8fa1918f25a5f8e8dfc012ecff29bd1804

    • Size

      450KB

    • MD5

      78371fec766abeea44a21976d2c45dbd

    • SHA1

      894148a87d832de1621d51ce0f19d88fa50d067c

    • SHA256

      75a551d009cab61896d99174e5bd0e8fa1918f25a5f8e8dfc012ecff29bd1804

    • SHA512

      1aca30e1317573c7dd34fb9fd62ab174d022ac5f425450c740f2eabe00cc339f5a5dfcb10b492116fdb99d8e8b3f40ac733004c08b9aa41930ba478e421e5572

    • SSDEEP

      6144:WKcaBvV8VqQIX6p1YNFWYZinXFWUnA0RRrZKg9oNBWdCblnUN+KTMnFri:WnQv+b1YSFdg9iQwG+

    Score
    10/10
    xwormpersistencerattrojan

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

      trojanratxworm

    • Xworm family

      xworm

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks