Overview

overview

10

Static

static

3

Solara_Bootstrap.exe

windows7-x64

10

Solara_Bootstrap.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Solara_Bootstrap.7z

  • Size

    372KB

  • Sample

    241114-y48a6ssfln

  • MD5

    880e181c6cdc2d64e6fc572ba391d972

  • SHA1

    e04f52516b625f921cc5d8085bf15ea2a7211208

  • SHA256

    4429897443b2487541fd7063992869780105c792b9c3903bdd93390a90941453

  • SHA512

    fbd6693dc8ec29608dd0c05f202c415ce5a913dcf0f43ee319af63cbd2bd6531a8356c06b522834d676042d6c5bead0c5c7d803f7abefe49f3775070c91d0c5a

  • SSDEEP

    768:dHnLIuj61JLn/TAg1WimhTLKnkgqgzZdPONqvzgs9086a4TTTTTTTTTTTTTTTTTb:dHLIia/JmTLKnkvgzZDLgs90tx

Score
10/10
xwormrattrojan

Malware Config

Extracted

Family

xworm

Attributes
  • install_file

    System Volume Information Prefetch.exe

  • pastebin_url

    https://pastebin.com/raw/ZpWEzbQr

Targets

    • Target

      Solara_Bootstrap

    • Size

      701.0MB

    • MD5

      a4dea35bbfedaf715edf928c850f9062

    • SHA1

      9d6fdbd7d96663b54c14182654a4742b11728743

    • SHA256

      e5700337351ecb04be3ac19ab2875a2f810a42a11bc1c3a6cdfb6a20c021c346

    • SHA512

      6cce303a11105bbab1a903549a6a830612b2a642b00d790065143eef5b3e7a494369a7bb330d6cd1a3988e00573d8785aad1a19dff798379b01dd7a8883d4297

    • SSDEEP

      768:t45Ckp/PlWm8WHU6QVySGPoD81umA2SXCY5t2tzskOshCPwiE:/kpcml0fioQfGQ5sCht

    Score
    10/10
    xwormrattrojan

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

      trojanratxworm

    • Xworm family

      xworm

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks