Overview

overview

10

Static

static

3

rc72.exe

windows7-x64

10

rc72.exe

windows10-2004-x64

6

Sharing

Copy URL
Twitter E-mail

General

  • Target

    rc72.exe

  • Size

    85KB

  • Sample

    250303-2gvcks1zcs

  • MD5

    7d8c06573fad926b86f5dcca4d79a938

  • SHA1

    1deb1612b61a7074dba865546110e019e76d32e7

  • SHA256

    b271c8c74d2f172b07adf103779729827971a383822275d0e10fe3cf60418b19

  • SHA512

    7d3a9d0eed6e7f141b59f8e2e3a061a7b5ecc97f8a253be92f6185040f63cbbd4a2b4f9dafa1cd6885f06ffbbbf0b316e16afe38d0ebb8dfcd70d0ab5bcbf6aa

  • SSDEEP

    1536:tm/+KAh2sM93znxGxPaL9NZcmtFGBdLaAcmvtBWwfSF/yim/1y1ejY6yFOBA:K+Kz33NGxSpzdFGBsckww/yjgf6yFOB

Score
10/10
xwormpersistencerattrojan

Malware Config

Extracted

Family

xworm

Attributes
  • install_file

    Antivirus.exe

Targets

    • Target

      rc72.exe

    • Size

      85KB

    • MD5

      7d8c06573fad926b86f5dcca4d79a938

    • SHA1

      1deb1612b61a7074dba865546110e019e76d32e7

    • SHA256

      b271c8c74d2f172b07adf103779729827971a383822275d0e10fe3cf60418b19

    • SHA512

      7d3a9d0eed6e7f141b59f8e2e3a061a7b5ecc97f8a253be92f6185040f63cbbd4a2b4f9dafa1cd6885f06ffbbbf0b316e16afe38d0ebb8dfcd70d0ab5bcbf6aa

    • SSDEEP

      1536:tm/+KAh2sM93znxGxPaL9NZcmtFGBdLaAcmvtBWwfSF/yim/1y1ejY6yFOBA:K+Kz33NGxSpzdFGBsckww/yjgf6yFOB

    Score
    10/10
    xwormpersistencerattrojan

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

      trojanratxworm

    • Xworm family

      xworm

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Legitimate hosting services abused for malware hosting/C2

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks