General

  • Target

    5653f60b3208049408755e4fe978f414.zip

  • Size

    448KB

  • Sample

    241203-ssgq7a1jgy

  • MD5

    5653f60b3208049408755e4fe978f414

  • SHA1

    032d1399327ce43d4244526a5416f118a79839e9

  • SHA256

    0c793df0a3d05aad1338739d5322ea6ff303fa00788593ba232845aeb4aab998

  • SHA512

    45066f32ecec74e9c9741a0f770c6805150d918d4cc5c3ad55b79a480617353932e6af87dfc577bb22655adbecc19d66264a4e48d16cb064ea3d0ed8af49ebea

  • SSDEEP

    12288:H+HJOBBO5WXOfOLlnNv9jChY2uS9VfpbQCmuWG:xBBOEvCY2F1QC9

Malware Config

Extracted

Family

xworm

Version

5.0

C2

87.120.116.179:1300

Mutex

aMI0xjUDQCeZl19j

Attributes

  • install_file

    USB.exe

  • aes.plain

Targets

    • Target

      TRANSACCION EXITOSA DICIEMBRE 3 DE 2024 VERIFICAR.exe

    • Size

      925KB

    • MD5

      995d3084d0fd6ccc4e85d09b6ca30c12

    • SHA1

      847e8e0116cf85d2a11febab9d0d4c565730aa41

    • SHA256

      cdeab2d0f4995ca3c36fbf98045f7c0ea46f85f47e51b05b14dec1919eaccb81

    • SHA512

      6ce973bb3a6c703763136c4a68bc42724a9caf555115f9810de50edaca1bc7681767b9ceee8cd3cad6720720ad27506f21ad87a98d9f020ce3272ae41e327404

    • SSDEEP

      12288:SY1xBOrpw3Wf+6vk7A5oItYHvmpMxmtPWAl2Rbf+/Zc+hJeg5RrMlT5jwM/FOXJT:SPVqWZvkWoImvOVPWAARbfmZcEAjZ/y

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

    • Xworm family

    • Suspicious use of SetThreadContext
