Overview

overview

10

Static

static

3

fc761e54a7...8b.exe

windows7-x64

10

fc761e54a7...8b.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    fc761e54a71bcc71a15e0413ce5da44a59f08b3310696786f1997a81f8ea038b

  • Size

    1.1MB

  • Sample

    241120-s7btgsypdv

  • MD5

    e1e9d28f322e7f933fbb65c98a4c52ab

  • SHA1

    de30f48ae46aa769d79164a30f2a163a3f1e8a0e

  • SHA256

    fc761e54a71bcc71a15e0413ce5da44a59f08b3310696786f1997a81f8ea038b

  • SHA512

    f3b5f2dd0c2e6d07c0c396af42ee6deeb16d6bcfab9cef4cdb5ac6760963910122fcac8280117f6c497effa7cf1b294694655d293c5de6596d6cf74b9826a7df

  • SSDEEP

    24576:IaZwEQeDdt3/zNe7AS53jP77NxvQ48T6aaYHh3KmIEv/sei41:eFen3/zkAS53jP77NxvQ48T6aaoh3IER

Score
10/10
xwormdiscoverypersistencerattrojan

Malware Config

Extracted

Family

xworm

Version

5.0

C2

87.120.116.179:1300

Mutex

yyjBJjau0hjxvXcA

Attributes
  • install_file

    USB.exe

aes.plain

Targets

    • Target

      fc761e54a71bcc71a15e0413ce5da44a59f08b3310696786f1997a81f8ea038b

    • Size

      1.1MB

    • MD5

      e1e9d28f322e7f933fbb65c98a4c52ab

    • SHA1

      de30f48ae46aa769d79164a30f2a163a3f1e8a0e

    • SHA256

      fc761e54a71bcc71a15e0413ce5da44a59f08b3310696786f1997a81f8ea038b

    • SHA512

      f3b5f2dd0c2e6d07c0c396af42ee6deeb16d6bcfab9cef4cdb5ac6760963910122fcac8280117f6c497effa7cf1b294694655d293c5de6596d6cf74b9826a7df

    • SSDEEP

      24576:IaZwEQeDdt3/zNe7AS53jP77NxvQ48T6aaYHh3KmIEv/sei41:eFen3/zkAS53jP77NxvQ48T6aaoh3IER

    Score
    10/10
    xwormdiscoverypersistencerattrojan

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

      trojanratxworm

    • Xworm family

      xworm

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks