General

  • Target

    fa71ca5766a5e57642af4006f1b240811e22fc5ff4df26d5edf994525814333d

  • Size

    287KB

  • Sample

    241117-rdp9ca1jhs

  • MD5

    8be246099b3ff1d9e8b2e2c14f6b286e

  • SHA1

    b1e6b5dcb351d755fbc7abdd66f9228a597731cb

  • SHA256

    fa71ca5766a5e57642af4006f1b240811e22fc5ff4df26d5edf994525814333d

  • SHA512

    08501fd417f39764b0633ef86aea0adf05ffb239f48f99b10cc34dd6ca76cfe3c86a33b690a99c71aafbcf059f620653144a229e2dcd3ec93b4c242821f09ca0

  • SSDEEP

    6144:JtjL9PYIoG/hZbv5NziERtMyXbkurBIuPnBTtr2PG/i4K:JtjyIoG/PbvLziERu2VrBI6nBTJ1m

Score
10/10

Malware Config

Extracted

Family

xworm

Version

5.0

C2

127.0.0.1:7000 (loopback address: as configured, the sample only connects to the local host, so this build will not beacon to external infrastructure; the value suggests a test or builder-default configuration rather than a live C2 server)

Mutex

FDifYDumKCtsXZEN

Attributes
  • install_file

    USB.exe

  • aes.plain
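The extracted config above is only useful once each value has been vetted: the C2 is a loopback address, the mutex is build-specific, and the install filename is too generic to block on its own. The following script is an added example, not tooling from the sandbox or from the Xworm project. It transcribes the hashes and config values from this report, verifies a candidate file against the listed digests, classifies each C2 endpoint by address scope, flattens the config into indicators with an actionability flag, and emits a YARA rule keyed on the mutex. The rule name and the sample bytes used in the self-check are constructed for illustration.

```python
"""Turn the extracted Xworm config and listed hashes into vetted indicators.

Added example (not the sandbox's own tooling). The config and hash values are
transcribed from the report; the bytes used in self_check() are constructed.
"""
import hashlib
import ipaddress
from typing import Dict, List

# Values transcribed from the report's "Malware Config" section.
EXTRACTED_CONFIG = {
    "family": "xworm",
    "version": "5.0",
    "c2": ["127.0.0.1:7000"],
    "mutex": "FDifYDumKCtsXZEN",
    "install_file": "USB.exe",
}

# Digests transcribed from the report's "General" section.
LISTED_HASHES = {
    "md5": "8be246099b3ff1d9e8b2e2c14f6b286e",
    "sha1": "b1e6b5dcb351d755fbc7abdd66f9228a597731cb",
    "sha256": "fa71ca5766a5e57642af4006f1b240811e22fc5ff4df26d5edf994525814333d",
    "sha512": "08501fd417f39764b0633ef86aea0adf05ffb239f48f99b10cc34dd6ca76cfe3c"
              "86a33b690a99c71aafbcf059f620653144a229e2dcd3ec93b4c242821f09ca0",
}


def file_hashes(data: bytes) -> Dict[str, str]:
    """Compute the same four digests the report lists, for a file's bytes."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in LISTED_HASHES}


def verify_sample(data: bytes, listed: Dict[str, str] = LISTED_HASHES) -> Dict[str, bool]:
    """Per-algorithm check that `data` is the file this report describes.

    All four must agree; a partial match means a transcription error or a
    different file, and the report's config should not be trusted for it.
    """
    computed = file_hashes(data)
    return {algo: computed[algo] == listed[algo].lower() for algo in listed}


def classify_c2(endpoint: str) -> Dict[str, object]:
    """Parse a host:port C2 entry and say whether it is worth blocking.

    Loopback, link-local and RFC 1918 addresses point at the sandbox itself or
    a lab network: they are artefacts of the build, not attacker infrastructure.
    """
    host, sep, port = endpoint.rpartition(":")
    if not sep or not port.isdigit():
        host, port = endpoint, None
    host = host.strip("[]")  # tolerate bracketed IPv6 literals
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return {"host": host, "port": port, "kind": "hostname", "actionable": True}
    if addr.is_loopback:          # checked first: Python also counts 127/8 as private
        kind = "loopback"
    elif addr.is_private or addr.is_link_local:
        kind = "private"
    else:
        kind = "public"
    return {"host": host, "port": port, "kind": kind, "actionable": kind == "public"}


def build_indicators(config: Dict[str, object] = EXTRACTED_CONFIG) -> List[Dict[str, object]]:
    """Flatten the config into typed indicators with an actionability flag."""
    indicators: List[Dict[str, object]] = []
    for c2 in config["c2"]:
        info = classify_c2(c2)
        indicators.append({"type": "c2", "value": c2, "actionable": info["actionable"], "note": info["kind"]})
    # The mutex is the most stable host artefact: each build embeds its own value.
    indicators.append({"type": "mutex", "value": config["mutex"], "actionable": True, "note": "host"})
    # A bare filename such as USB.exe is too generic to block on; keep it as context.
    indicators.append({"type": "install_file", "value": config["install_file"], "actionable": False, "note": "context only"})
    return indicators


def yara_rule(config: Dict[str, object] = EXTRACTED_CONFIG, name: str = "xworm_build_FDifYDumKCtsXZEN") -> str:
    """Emit a YARA rule keyed on this build's mutex (rule name is constructed).

    Xworm is a .NET binary, so its string literals are stored as UTF-16LE;
    'wide' matches those and 'ascii' matches dumped or decrypted copies.
    """
    lines = [
        f"rule {name}",
        "{",
        "    meta:",
        f'        family = "{config["family"]}"',
        f'        version = "{config["version"]}"',
        f'        install_file = "{config["install_file"]}"',
        "    strings:",
        f'        $mutex = "{config["mutex"]}" ascii wide',
        "    condition:",
        "        uint16(0) == 0x5A4D and $mutex",
        "}",
    ]
    return "\n".join(lines)


def self_check() -> Dict[str, object]:
    """Run the helpers on constructed input so every path is exercised offline."""
    fake_sample = b"MZ" + b"\x00" * 62 + b"constructed bytes, not the real sample"
    return {
        "verify": verify_sample(fake_sample),                            # all False
        "self_consistent": verify_sample(fake_sample, file_hashes(fake_sample)),  # all True
        "indicators": build_indicators(),
    }


if __name__ == "__main__":
    for ind in build_indicators():
        print(f'{ind["type"]:13} {ind["value"]:20} actionable={ind["actionable"]} ({ind["note"]})')
    print(yara_rule())
```

Run against the real file, `verify_sample()` must return True for all four algorithms before any of the config values are attributed to it; for the report's own config the only actionable indicators are the mutex and, as context, the install filename, because the C2 resolves to the loopback scope.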

Targets

    • Target

      fa71ca5766a5e57642af4006f1b240811e22fc5ff4df26d5edf994525814333d

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

    • Xworm family

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check before running the payload.

    • Executes dropped EXE

MITRE ATT&CK Enterprise v15