General

  • Target

    china.exe

  • Size

    34KB

  • Sample

    241117-2d6w7szfrj

  • MD5

    61ffe280e65651237b433ca13be44753

  • SHA1

    db6f9ecf0224254425cfc89b8c50c7672f92d70e

  • SHA256

    22c94e6a30f18896211c0a3d41722392c059b788f52822b71231b6a951054a0a

  • SHA512

    0047d9cb2db3d37b45d7870033ec330f4f01e69da4f2392a5aa887acf61bf22bd7621570289eea24fd24425b1e7dde6d1a1c893d4477267783b40f8844860767

  • SSDEEP

    768:DOMm6sgb2F9hqVRlsQkjm6ZaF9Fk9kpccO/hs/fx5:DMP/mbUxojFk9kpccO/O3j

Score
10/10

Malware Config

Extracted

Family

xworm

Version

5.0

C2

address-northwest.gl.at.ply.gg:8888

Mutex

Hi99saipGmhYmM2G

Attributes
  • Install_directory

    %Userprofile%

  • install_file

    runtime.exe

aes.plain

Targets

    • Target

      china.exe

    Score
    10/10
    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

    • Xworm family

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing (refusing to run in selected locales).

    • Drops startup file

    • Executes dropped EXE
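The extracted configuration (C2 host and port, mutex, install location) together with the behaviour signatures above are the indicators a responder would hunt for in host telemetry. The script below is an added example, not part of the sandbox report: it matches those indicators against EDR-style event lines. The log format (one event per line, key="value" pairs with the field names type, image, query, answers, dst, dport, path and name) and the sample lines are constructed for the example, and reading the "Drops startup file" signature as a write into the per-user Startup folder is an assumption.

```python
"""Match the XWorm indicators from the report against host telemetry.

Added example; not part of the sandbox report. The indicator values are
the ones on this page; the event format and the sample lines are assumed
and constructed.
"""
import re

# Indicators from the extracted configuration and behaviour signatures.
C2_HOST = "address-northwest.gl.at.ply.gg"
C2_PORT = "8888"
MUTEX = "Hi99saipGmhYmM2G"
INSTALL_FILE = "runtime.exe"  # install_file, dropped into %Userprofile%

# %Userprofile%\runtime.exe: directly under the profile root, not a subfolder.
INSTALL_PATH_RE = re.compile(
    r"^[a-z]:\\users\\[^\\]+\\" + re.escape(INSTALL_FILE) + r"$", re.I)
# Per-user Startup folder (assumed reading of the "Drops startup file" signature).
STARTUP_RE = re.compile(r"\\start menu\\programs\\startup\\[^\\]+$", re.I)
# Any playit.gg tunnel endpoint under ply.gg: broader than the exact C2 host
# and therefore lower confidence; flagged separately.
TUNNEL_RE = re.compile(r"(^|\.)ply\.gg$", re.I)

KV_RE = re.compile(r'(\w+)="([^"]*)"')


def parse_event(line):
    """Turn one key="value" telemetry line into a dict."""
    return dict(KV_RE.findall(line))


def match_events(lines):
    """Return a list of (rule, event) hits.

    Two passes: DNS answers for the C2 host are collected first so that a
    later connection to one of those IPs on the C2 port is attributed even
    though the connection event itself carries no hostname.
    """
    events = [parse_event(line) for line in lines]
    c2_ips = set()
    hits = []
    for ev in events:
        if ev.get("type") == "dns":
            name = ev.get("query", "")
            if name.lower() == C2_HOST:
                hits.append(("c2-dns", ev))
                c2_ips.update(ip for ip in ev.get("answers", "").split(",") if ip)
            elif TUNNEL_RE.search(name):
                hits.append(("tunnel-domain", ev))
    for ev in events:
        kind = ev.get("type")
        if kind == "netconn" and ev.get("dport") == C2_PORT and ev.get("dst") in c2_ips:
            hits.append(("c2-connect", ev))
        elif kind == "filecreate":
            path = ev.get("path", "")
            if INSTALL_PATH_RE.match(path):
                hits.append(("install-file", ev))
            elif STARTUP_RE.search(path):
                hits.append(("startup-file", ev))
        elif kind == "mutex" and ev.get("name", "").rsplit("\\", 1)[-1] == MUTEX:
            hits.append(("mutex", ev))
    return hits


def summarize(lines):
    """Rule name -> number of matching events."""
    counts = {}
    for rule, _ in match_events(lines):
        counts[rule] = counts.get(rule, 0) + 1
    return counts


# Constructed sample telemetry (not from the report). Lines 7 and 8 are
# near-misses: a tunnel host that is not the C2, and runtime.exe written
# somewhere other than the profile root.
SAMPLE_TELEMETRY = [
    r'type="dns" image="C:\Users\alice\china.exe" query="address-northwest.gl.at.ply.gg" answers="203.0.113.10"',
    r'type="netconn" image="C:\Users\alice\runtime.exe" dst="203.0.113.10" dport="8888"',
    r'type="filecreate" image="C:\Users\alice\china.exe" path="C:\Users\alice\runtime.exe"',
    r'type="filecreate" image="C:\Users\alice\runtime.exe" path="C:\Users\alice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runtime.lnk"',
    r'type="mutex" image="C:\Users\alice\runtime.exe" name="\Sessions\1\BaseNamedObjects\Hi99saipGmhYmM2G"',
    r'type="dns" image="C:\Program Files\game\game.exe" query="lobby.at.ply.gg" answers="198.51.100.7"',
    r'type="netconn" image="C:\Windows\System32\svchost.exe" dst="198.51.100.7" dport="8888"',
    r'type="filecreate" image="C:\Users\alice\china.exe" path="C:\Users\alice\Downloads\runtime.exe"',
]

if __name__ == "__main__":
    for rule, ev in match_events(SAMPLE_TELEMETRY):
        print(f"{rule:14} {ev.get('image')}")
    print(summarize(SAMPLE_TELEMETRY))
```

The C2 here is a ply.gg hostname, i.e. a playit.gg tunnel endpoint, so the IP it resolves to is the tunnel relay rather than the operator's own host and may change between runs; that is why the exact hostname and the mutex are the durable indicators, the resolved IP is only attributed via the DNS pass, and the broader tunnel-domain rule is reported separately as a lower-confidence hit.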

MITRE ATT&CK Enterprise v15

Tasks