General

  • Target

    1737701404d7e2db9bd85949651d771cf2c71b35c7c53a8031379846bc9bf607c745814b60686.dat-decoded.exe

  • Size

    36KB

  • Sample

    250124-hmgtwsvrcz

  • MD5

    e8aecfbddc0287bb9de4d31bbf6ce56f

  • SHA1

    ab7879f37bc502d63f7db057947a8becba585735

  • SHA256

    819c36e3518ef3c8c926c4aad1c10786fca2a1f041d5bede1dfea9ac2af29fba

  • SHA512

    e39493dac1b9bbd5aac188bc93d4447d046977a875da8f70cb6c8bc4f7733f14f8277f5244fac62ebde8edff765ad020bfeac5d01beebc8d157ea36f5bed0ac4

  • SSDEEP

    768:8L13A5Uno9RfHWa2BLGeo8icHyEWbFb9YNOMhUQXv9:qxA5Uno9JHWX6eNicHyESFb9YNOMO69

Score
10/10

Malware Config

Extracted

Family

xworm

Version

5.0

C2

81.161.238.16:1888

Mutex

YnKynSF972dJUnvl

Attributes
  • install_file

    USB.exe

aes.plain

Targets

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

    • Xworm family
