Overview

overview

10

Static

static

10

API.dll

windows10-2004-x64

1

Project IDE fixed.exe

windows7-x64

10

Project IDE fixed.exe

windows10-2004-x64

10

Project.dll

windows7-x64

1

Project.dll

windows10-2004-x64

1

dashboard.dll

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ProjectIDE.rar

  • Size

    37KB

  • Sample

    250302-t9j4bayqv8

  • MD5

    b3cd46ad413e807b8a5b55f6744041d7

  • SHA1

    9cb238b40a12fc82782f1bcea8c6408c1af10ab3

  • SHA256

    974b4e7a3b968754c1fc21f09425eacaefa74dc613c2d62a3a0972b6f8a0949e

  • SHA512

    f57e7cc3411eb63e2d5d1bf712146d5167133486ac03da14f0c3dbbda89972d2d88854161ceddadffe38a30fad7e7d281306e0e2df0a9c1b9294c15bf5708125

  • SSDEEP

    768:DUhGSSvkxDqcN8opGB76UrC1gCN2Ta8uSbjAFTBne/BU:D0GVsxDNKopGx4PNl7c8ZZe/+

Score
10/10
xwormrattrojan

Malware Config

Extracted

Family

xworm

Version

5.0

C2

127.0.0.1:7000

Mutex

RGMCdXJ9uBejLCdB

Attributes
  • install_file

    USB.exe

aes.plain

Targets

    • Target

      API.dll

    • Size

      11KB

    • MD5

      8c1ea3de9b06dca5a17ecc851c46fb07

    • SHA1

      1a85bbd40db8bdf972834f288542157aa8ca9d63

    • SHA256

      3909fb4f509418ee6aacc708340bdc386f58f395b985689960fa02c497b7014a

    • SHA512

      b8a75b6099255a67ad5d24515e86fe14e3a34fa02390e44adc019eff478f405b6d3f715376f0c6d475a02d575dc06078403b31cbca9c9695d219ab093f8fbaed

    • SSDEEP

      192:gYtWphWvWSawTyihVWQ4eWwueSquXqnajZasdyI:gkWphWgwGyVS1lNNx

    Score
    1/10
    behavioral1

    • Target

      Project IDE fixed.exe

    • Size

      32KB

    • MD5

      e2b1c0f552961b5d8fb3a7124c58d3b8

    • SHA1

      c96bf4e5d58cb2eccc3335e7bcb0754989cb02a4

    • SHA256

      da144a919db4a02f3371110350f40e5b98eec778b257b95d862081864f301748

    • SHA512

      3079fbd1747ded18ce5518a473b5aa54ae80f046698ed54f3677f1016bd5d4acf12adb5b9b2ca839414d27670f87c0fac5ec386185de5b3ffa0a562f070ea00d

    • SSDEEP

      384:vEbmX5Qa+vN1h1+X3v6JFjL+gP3Tm2eaFOrpdRApkFTBLTsOZwpGd2v99Ikuist:8Va+vNtg+PBP3Tw42pdVFE9j4OjhsbW

    Score
    10/10
    xwormrattrojan

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

      trojanratxworm

    • Xworm family

      xworm
    behavioral2behavioral3

    • Target

      Project.dll

    • Size

      19KB

    • MD5

      ee37842ca98dcf5e05ef2cd37ba7b192

    • SHA1

      c5bacae0f7221824c4a6e836636d4f995581c166

    • SHA256

      3b2fb9f8a86546c3369819611cad29a037eb9dda399c7894f8332350d05dc30f

    • SHA512

      ede609220c52a8ec5fec6c8e6f0a5425526843fde4814ed4a79609fe706b13a12708c79a28662faa9833115100d5dbf88e0024551611cfe838a67213956acdf4

    • SSDEEP

      384:3WI/W82rkSiVKmE+FNZgOcHi+/dHRN7KfVlGsa9QAR:LAEEfOcHFFxHR

    Score
    1/10
    behavioral4behavioral5

    • Target

      dashboard.dll

    • Size

      11KB

    • MD5

      7816039fc35232c815b933c47d864c88

    • SHA1

      e68fb109a6921f64ae05104ba1afc1952b868b9a

    • SHA256

      9c8f443b3a42e9e1aaa110b12c85f99b3d42ce22849cc3072cf56e29ccdd8401

    • SHA512

      943b5eae98337652b3ee8c0ad88172d5cc22bbee14e517a91c0d67b89cfbbc68cb854a3f53badcb49d355ec6e748de5579e8bf6a0f8ee28f85ba11808fb79e25

    • SSDEEP

      192:QVPlWphWYWSawTyihVWQ4eWINt9tCNxXeRqnajRWBs:QVdWphWpwGyZ3t4JeRlF

    Score
    1/10
    behavioral6

MITRE ATT&CK Matrix

Tasks