Overview

overview

10

Static

static

10

2024-11-15...ar.exe

windows7-x64

10

2024-11-15...ar.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2024-11-15_ae4957b9487d4bef4561924cacfd87e1_hiddentear

  • Size

    170KB

  • Sample

    241115-qn3rraykgq

  • MD5

    ae4957b9487d4bef4561924cacfd87e1

  • SHA1

    7c4345be2315779d07e5b2caa5105f021aa71a98

  • SHA256

    2bca82cd14951c2ce35707a176b1555956c8ef938187f4e7687da194c818b492

  • SHA512

    5fcf65119c64066b8f5837d09680f1cb61f224ff17ce72ad54976730f126b9f63974f2549ce1c12044b42b06472c1a81f3d8abfe18d3be758156517de6930bc5

  • SSDEEP

    3072:RUetQRGSwRzAkYQbv9bG6ApBaO24M+lmsolAIrRuw+mqv9j1MWLQz:RxCR2ZYQb1bXcO+lDAA

Score
10/10
xwormrattrojan

Malware Config

Extracted

Family

xworm

C2

185.29.8.111:7000

Attributes
  • Install_directory

    %AppData%

  • install_file

    svhosts.exe

Targets

    • Target

      2024-11-15_ae4957b9487d4bef4561924cacfd87e1_hiddentear

    • Size

      170KB

    • MD5

      ae4957b9487d4bef4561924cacfd87e1

    • SHA1

      7c4345be2315779d07e5b2caa5105f021aa71a98

    • SHA256

      2bca82cd14951c2ce35707a176b1555956c8ef938187f4e7687da194c818b492

    • SHA512

      5fcf65119c64066b8f5837d09680f1cb61f224ff17ce72ad54976730f126b9f63974f2549ce1c12044b42b06472c1a81f3d8abfe18d3be758156517de6930bc5

    • SSDEEP

      3072:RUetQRGSwRzAkYQbv9bG6ApBaO24M+lmsolAIrRuw+mqv9j1MWLQz:RxCR2ZYQb1bXcO+lDAA

    Score
    10/10
    xwormrattrojan

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

      trojanratxworm

    • Xworm family

      xworm

    • Drops startup file

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks