General

  • Target

    windows.exe

  • Size

    28.7MB

  • Sample

    250119-3xdkfa1pat

  • MD5

    4f4f456bdcfdf304686c49f0443b2a65

  • SHA1

    cea44f32f127584ad8c3cb0e016e4ea94df894a1

  • SHA256

    a89c38247751952b13c88e72116b2b461723de6dada0c6e14107daf6323636e1

  • SHA512

    7ef9ba91c56c9b8b3ec6c395dd8bab2fe2c816ac427844af30dbbb95e51ef424ff2614b08f3f69b62bcdc3424cb17f67d5dbf87bef4de1fa9560b69b6c239d85

  • SSDEEP

    786432:uXsDZi5xxMJNTYPCkC7wnZKx2xaa0aW6rm0Qn24s:uXsk58Z8S7wZKBe7m0s24s

Malware Config

Extracted

Family

xworm

Version

5.0

C2

robert2day-54368.portmap.host:54368

Mutex

8a7Sje0orHTMqu0F

Attributes
  • install_file

    USB.exe

  • telegram

    https://api.telegram.org/bot8029262913:AAFSJbcefH3RuCQr6aHzYrVOAKTweiR_OvoM/sendMessage?chat_id=5479981438

aes.plain
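The extracted config above is directly actionable: the C2 host and port, the Telegram bot used for exfiltration, the mutex and the install file name are each an indicator a defender can hunt for. The following Python is an added example (not Triage output and not Xworm code) that turns those config values into indicators and runs them over a few constructed Sysmon- and proxy-style log lines; the log lines, the field names in them and the helper names are assumptions made for illustration.

```python
"""Derive host/network indicators from the extracted Xworm config and
match them against log lines.  Added example: the config values are
copied from the report, the log lines below are constructed."""
import hashlib
import re
from urllib.parse import parse_qs, urlsplit

# Values copied from the extracted config in the report.
CONFIG = {
    "c2": "robert2day-54368.portmap.host:54368",
    "mutex": "8a7Sje0orHTMqu0F",
    "install_file": "USB.exe",
    "telegram": "https://api.telegram.org/bot8029262913:AAFSJbcefH3RuCQr6aHzYrVOAKTweiR_OvoM/sendMessage?chat_id=5479981438",
}

# File hashes from the report, for checking a sample found on disk.
KNOWN_HASHES = {
    "md5": "4f4f456bdcfdf304686c49f0443b2a65",
    "sha1": "cea44f32f127584ad8c3cb0e016e4ea94df894a1",
    "sha256": "a89c38247751952b13c88e72116b2b461723de6dada0c6e14107daf6323636e1",
}

# Constructed log lines (assumed format), not from the sandbox run.
SAMPLE_LOGS = [
    "2025-01-19T22:41:03Z sysmon EventID=3 Image=C:\\Users\\Public\\USB.exe "
    "DestinationHostname=robert2day-54368.portmap.host DestinationPort=54368",
    "2025-01-19T22:41:07Z proxy GET https://api.telegram.org/bot8029262913:"
    "AAFSJbcefH3RuCQr6aHzYrVOAKTweiR_OvoM/sendMessage?chat_id=5479981438",
    "2025-01-19T22:41:09Z sysmon EventID=3 Image=C:\\Program Files\\Mozilla Firefox\\firefox.exe "
    "DestinationHostname=mozilla.org DestinationPort=443",
]


def parse_telegram(url):
    """Split a Telegram bot-API URL into bot id, token, method and chat_id."""
    parts = urlsplit(url)
    m = re.match(r"/bot(\d+):([A-Za-z0-9_-]+)/(\w+)", parts.path)
    if not m:
        raise ValueError("not a Telegram bot API URL")
    chat = parse_qs(parts.query).get("chat_id", [None])[0]
    return {"bot_id": m.group(1), "token": m.group(2),
            "method": m.group(3), "chat_id": chat}


def derive_iocs(cfg):
    """Flatten the config into the indicators worth hunting for."""
    host, _, port = cfg["c2"].rpartition(":")
    tg = parse_telegram(cfg["telegram"])
    return {
        "c2_host": host,
        "c2_port": int(port),
        "telegram_bot_id": tg["bot_id"],
        "telegram_chat_id": tg["chat_id"],
        "mutex": cfg["mutex"],
        "install_file": cfg["install_file"],
    }


def match_line(line, iocs):
    """Return the names of the indicators a single log line contains."""
    hits = []
    low = line.lower()
    if iocs["c2_host"].lower() in low:
        hits.append("c2_host")
    # Match on the bot id only: the token may be rotated, the id is stable.
    if f"bot{iocs['telegram_bot_id']}:" in line:
        hits.append("telegram_bot")
    if iocs["mutex"] in line:
        hits.append("mutex")
    if iocs["install_file"].lower() in low:
        hits.append("install_file")
    return hits


def scan(lines, iocs):
    """(line index, hits) for every line that matches at least one indicator."""
    return [(i, hits) for i, line in enumerate(lines)
            if (hits := match_line(line, iocs))]


def hash_matches(data, known=KNOWN_HASHES):
    """Names of the report hashes that a byte string matches (empty if none)."""
    digests = {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }
    return {name for name, value in known.items() if digests[name] == value}


if __name__ == "__main__":
    iocs = derive_iocs(CONFIG)
    for idx, hits in scan(SAMPLE_LOGS, iocs):
        print(f"line {idx}: {', '.join(hits)}")
```

The Telegram match keys on the numeric bot id rather than the full token so the rule survives a token rotation; the C2 match is on the portmap.host name because the port-forwarding service can reassign the backing IP at any time, so the hostname is the stable part of that indicator.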

Targets

    • Target

      windows.exe

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

    • Xworm family

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL
