Overview

overview

10

Static

static

10

jhfkasdfhk...hf.exe

windows7-x64

10

jhfkasdfhk...hf.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    jhfkasdfhkjasdhfajkshfsahf.exe

  • Size

    66KB

  • Sample

    250303-2d9m4a1qv2

  • MD5

    cf907ddedd3d0f6800e8e3bc704d7dc2

  • SHA1

    e8cc5a7a80799a0688d09193650d1240d26d7c42

  • SHA256

    79eda4e78316ec7d5cbc8fd3f66a74ee8f999bae82ce08ae48d937b9c9714614

  • SHA512

    5e2f366733c0a9ec5b515b9948d339bfed54b7daec0acc544c7eb777457194abb4c7f3c4ee137a2a59d2817d7f9889a0d5b0b9d11d68da06a2ba3362654a9490

  • SSDEEP

    1536:0rrkATgI8XkJpWR6QwGJbgZ4nCMzMLI6BeXfOzgw2:0HRTgXrRqobgZAzMjePOzf2

Score
10/10
xwormrattrojan

Malware Config

Extracted

Family

xworm

C2

45.88.91.55:7813

Attributes
  • Install_directory

    %ProgramData%

  • install_file

    steam-helper.exe

Targets

    • Target

      jhfkasdfhkjasdhfajkshfsahf.exe

    • Size

      66KB

    • MD5

      cf907ddedd3d0f6800e8e3bc704d7dc2

    • SHA1

      e8cc5a7a80799a0688d09193650d1240d26d7c42

    • SHA256

      79eda4e78316ec7d5cbc8fd3f66a74ee8f999bae82ce08ae48d937b9c9714614

    • SHA512

      5e2f366733c0a9ec5b515b9948d339bfed54b7daec0acc544c7eb777457194abb4c7f3c4ee137a2a59d2817d7f9889a0d5b0b9d11d68da06a2ba3362654a9490

    • SSDEEP

      1536:0rrkATgI8XkJpWR6QwGJbgZ4nCMzMLI6BeXfOzgw2:0HRTgXrRqobgZAzMjePOzf2

    Score
    10/10
    xwormrattrojan

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

      trojanratxworm

    • Xworm family

      xworm

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks