Overview

overview

10

Static

static

1

castle.gz

windows10-2004-x64

10

castle.gz

windows10-ltsc 2021-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    castle.schematic

  • Size

    337B

  • Sample

    241203-t555zsyqfp

  • MD5

    fa2698c00eafba8de01b887a8fdf44eb

  • SHA1

    cd2595cbfec9e3d096d0db191ed4769d8b830497

  • SHA256

    0f278718311cb0b48b2823ebf1148dcd904f6c31f70b73dc5ae6e26e2341b156

  • SHA512

    81ed86476f45798531610cf2f4c70b1cb850a7ba8a63eb1a67e437e173ab6b68b369e7ef8b5508dca40b48d47a6e4e4ec3c0e062b46d540f06739e54e0825104

Score
10/10
xwormdiscoveryrattrojan

Malware Config

Extracted

Family

xworm

Version

5.0

C2

glitchfoda.ddns.net:1234

Mutex

52v4amqz5lLtQorX

Attributes
  • install_file

    USB.exe

aes.plain

Targets

    • Target

      castle.schematic

    • Size

      337B

    • MD5

      fa2698c00eafba8de01b887a8fdf44eb

    • SHA1

      cd2595cbfec9e3d096d0db191ed4769d8b830497

    • SHA256

      0f278718311cb0b48b2823ebf1148dcd904f6c31f70b73dc5ae6e26e2341b156

    • SHA512

      81ed86476f45798531610cf2f4c70b1cb850a7ba8a63eb1a67e437e173ab6b68b369e7ef8b5508dca40b48d47a6e4e4ec3c0e062b46d540f06739e54e0825104

    Score
    10/10
    xwormdiscoveryrattrojan

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

      trojanratxworm

    • Xworm family

      xworm

    • Downloads MZ/PE file

    • Executes dropped EXE

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks