Overview

overview

10

Static

static

10

SolaraV3.exe

windows10-ltsc 2021-x64

10

SolaraV3.exe

windows11-21h2-x64

10

Analysis

  • max time kernel
    52s
  • max time network
    57s
  • platform
    windows11-21h2_x64
  • resource
    win11-20241007-en
  • resource tags

    arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    14-11-2024 18:29

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    SolaraV3.exe

  • Size

    34KB

  • MD5

    7c5de7e27718249128aac31f4e3362ea

  • SHA1

    657e27b260171842d7104fd0af778530bea3f8c0

  • SHA256

    c735c657b913747ba41f2b11498e8c0e138cbcd852c52540e17cda2a1ca8ea52

  • SHA512

    2ca4275c1ee6c91b1014629f8f4b8bf7db048680b5e72e529ec537d2d4b21eb43418d7ff7626fa07164c2eb88186d169fb3ed90d839146edc87980f224dedccd

  • SSDEEP

    384:6DxAXmqVlxOli1rJ2tK6mnRGwnBLmiOHCwvHixdTEgVR8pkFTBLTIZwYGDcvw9I1:OAXT2ts9tAHC4C7V9FZ9j2Ojh0/cI

Score
10/10
xwormrattrojan

Malware Config

Extracted

Family

xworm

Version

5.0

C2

item-encouraged.gl.at.ply.gg:57138

Mutex

Ek9apHcn9Fw5RFO7

Attributes
  • Install_directory

    %AppData%

  • install_file

    WindowsDefender.exe

aes.plain

Signatures

  • Detect Xworm Payload 1 IoCs
  • Xworm

    Xworm is a remote access trojan written in C#.

    trojanratxworm
  • Xworm family
    xworm
  • Drops startup file 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\SolaraV3.exe
    "C:\Users\Admin\AppData\Local\Temp\SolaraV3.exe"
    1⤵
    • Drops startup file
    • Suspicious use of AdjustPrivilegeToken
    PID:3460

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/3460-0-0x00007FFB676F3000-0x00007FFB676F5000-memory.dmp

    Filesize

    8KB

    Download

  • memory/3460-1-0x0000000000600000-0x000000000060E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/3460-6-0x00007FFB676F0000-0x00007FFB681B2000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/3460-7-0x00007FFB676F3000-0x00007FFB676F5000-memory.dmp

    Filesize

    8KB

    Download

  • memory/3460-8-0x00007FFB676F0000-0x00007FFB681B2000-memory.dmp

    Filesize

    10.8MB

    Download