General

  • Target

    kolo.exe

  • Size

    71KB

  • Sample

    250121-wl6zaawjhs

  • MD5

    faea49dfe62bf95884101492dd55b84b

  • SHA1

    124366b77164067458075a639c29564417ad2daf

  • SHA256

    b1c6c20bfeae788fc314d6a7775962632160a0e64b6f4bde0ca51d63a110eb78

  • SHA512

    c1da84e78e87b960fccf1b9ca1a54c75a7767114cff440147a79ec4bb1d09c0e9e69e44f4468d59fed25ad83832a00b619f2699a44d799a800212cfc31bac77c

  • SSDEEP

    1536:5x8Mc+vPtdVKDMBMF5Bw8kbhzeJAC+7OtnN:5GMD3t/KsnzbNMAC4OtN

Score
10/10

Malware Config

Extracted

Family

xworm

C2

147.185.221.25:2131

Attributes
  • install_file

    USB.exe

Targets

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

    • Xworm family

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
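The indicators this report extracts (file hashes, the C2 endpoint, the install filename) and the external-IP-lookup behaviour can be turned directly into a hunt over endpoint telemetry. The following Python is an added example, not code from the sandbox report or from the Xworm family: the hash, C2 and install_file values are copied from the report, while the telemetry line format, the sample log lines, the list of IP-lookup services and the per-process verdict rule are assumptions constructed for the demonstration.

```python
"""Hunt for this report's Xworm indicators in constructed endpoint telemetry.

Added example, not part of the sandbox report. The hashes, C2 endpoint and
install filename are the report's values; the log format, log lines and the
IP-lookup host list are constructed assumptions.
"""
import hashlib
import re
from collections import defaultdict

# Indicators copied from the report above.
IOC = {
    "md5": "faea49dfe62bf95884101492dd55b84b",
    "sha1": "124366b77164067458075a639c29564417ad2daf",
    "sha256": "b1c6c20bfeae788fc314d6a7775962632160a0e64b6f4bde0ca51d63a110eb78",
    "c2": ("147.185.221.25", 2131),
    "install_file": "usb.exe",  # compared case-insensitively
}

# Public IP-lookup services often queried by RATs to learn the victim's
# external address. Assumption: an illustrative list, not from the report.
IP_LOOKUP_HOSTS = {
    "api.ipify.org", "ip-api.com", "ipinfo.io", "icanhazip.com",
    "checkip.amazonaws.com", "checkip.dyndns.org",
}


def file_hashes(data: bytes) -> dict:
    """MD5/SHA-1/SHA-256 of a file's bytes, keyed like the report."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def match_hashes(hashes: dict) -> list:
    """Return the algorithms whose value equals the report's sample hash."""
    return [alg for alg in ("md5", "sha1", "sha256")
            if hashes.get(alg, "").lower() == IOC[alg]]


def match_file(data: bytes) -> list:
    """Hash raw file bytes and compare them against the report."""
    return match_hashes(file_hashes(data))


# Constructed endpoint telemetry, one event per line: timestamp, pid,
# event type and a single key=value detail. Not from the sandbox report;
# the non-C2 addresses are RFC 5737 documentation ranges.
SAMPLE_LOG = """\
2025-01-21T12:00:01Z pid=4120 event=dns query=api.ipify.org
2025-01-21T12:00:02Z pid=4120 event=connect dst=192.0.2.10:443
2025-01-21T12:00:05Z pid=4120 event=connect dst=147.185.221.25:2131
2025-01-21T12:00:09Z pid=880 event=connect dst=198.51.100.7:443
2025-01-21T12:00:11Z pid=4120 event=file_write path=C:\\Users\\user\\AppData\\Roaming\\USB.exe
2025-01-21T12:00:12Z pid=880 event=dns query=update.example.com
"""

LINE_RE = re.compile(r"^(\S+) pid=(\d+) event=(\w+) (\w+)=(.+)$")


def scan_log(text: str) -> list:
    """Apply the report's indicators to each telemetry line.

    Returns (pid, rule, detail) tuples. Lines that do not parse are
    skipped rather than treated as matches.
    """
    hits = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        _ts, pid, event, key, value = m.groups()
        pid = int(pid)
        if event == "connect" and key == "dst":
            host, _, port = value.rpartition(":")
            if port.isdigit() and (host, int(port)) == IOC["c2"]:
                hits.append((pid, "xworm_c2", value))
        elif event == "dns" and key == "query":
            if value.lower().rstrip(".") in IP_LOOKUP_HOSTS:
                hits.append((pid, "external_ip_lookup", value))
        elif event == "file_write" and key == "path":
            name = value.replace("\\", "/").rsplit("/", 1)[-1]
            if name.lower() == IOC["install_file"]:
                hits.append((pid, "xworm_install_file", value))
    return hits


def verdict(hits: list) -> dict:
    """Roll hits up per process so the whole chain is visible at once.

    Assumption: the C2 endpoint or the install filename alone is a
    confident match; an IP-lookup query alone is only suspicious, because
    plenty of legitimate software does the same thing.
    """
    rules = defaultdict(set)
    for pid, rule, _ in hits:
        rules[pid].add(rule)
    return {pid: ("malicious" if r & {"xworm_c2", "xworm_install_file"}
                  else "suspicious")
            for pid, r in rules.items()}


if __name__ == "__main__":
    found = scan_log(SAMPLE_LOG)
    for h in found:
        print(h)
    print(verdict(found))
    print(match_file(b"not the sample bytes"))
```

The scan keys every hit to a pid so that the C2 connection, the IP-lookup query and the USB.exe drop from the same process are reported together rather than as three unrelated alerts; the IP-lookup rule on its own is deliberately kept at "suspicious" because the service it queries is legitimate.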
