General

  • Target

    354b00c9d02006639e90d6da17a88f381c3ce1913fbad8737c194296e098ba7f.exe

  • Size

    50KB

  • Sample

    241117-23y8na1ckl

  • MD5

    b6c62bed649ab17763babb3d43ea756a

  • SHA1

    7a7d6a5c90423f0e5775e7b5fecc0d2429a6e03d

  • SHA256

    354b00c9d02006639e90d6da17a88f381c3ce1913fbad8737c194296e098ba7f

  • SHA512

    7e24342196d4f6dbeca8734f68fb0cbf634bd62c169668a746bac452bcc172d0018edb83096fee5bfdced2460e56d44f1daefae536880c177fff554f0abc5e67

  • SSDEEP

    768:AvPzXMVK5uDLY894aZzde0Qnkbb5OfIhWsHQChaYpGAvOgi5hnW8xAnB:4XMlPYAWXkbb5GPTYUKOFLYB

Score
10/10

Malware Config

Extracted

Family

xworm

C2

states-allocation.gl.at.ply.gg:33251

Attributes

  • Install_directory

    %Userprofile%

  • install_file

    svchosts.exe

Targets

    • Target

      354b00c9d02006639e90d6da17a88f381c3ce1913fbad8737c194296e098ba7f.exe

    • Size

      50KB

    • MD5

      b6c62bed649ab17763babb3d43ea756a

    • SHA1

      7a7d6a5c90423f0e5775e7b5fecc0d2429a6e03d

    • SHA256

      354b00c9d02006639e90d6da17a88f381c3ce1913fbad8737c194296e098ba7f

    • SHA512

      7e24342196d4f6dbeca8734f68fb0cbf634bd62c169668a746bac452bcc172d0018edb83096fee5bfdced2460e56d44f1daefae536880c177fff554f0abc5e67

    • SSDEEP

      768:AvPzXMVK5uDLY894aZzde0Qnkbb5OfIhWsHQChaYpGAvOgi5hnW8xAnB:4XMlPYAWXkbb5GPTYUKOFLYB

    Score
    10/10

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

    • Xworm family

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

MITRE ATT&CK Enterprise v15

Tasks