General

  • Target

    47294823947829478921143897148794298374.exe

  • Size

    167KB

  • Sample

    250303-2m3wxasjw5

  • MD5

    f86c5f136512f4e76e0737f8ccc302a3

  • SHA1

    78000060bca357dbb9fbe29633c46fd4ea1cd9f5

  • SHA256

    3528e3b0a01a175a885033eed18569a4cd34641373f5d42af5866d5d2d280f1c

  • SHA512

    e371660eb576a50dfa9d619ccf0367511d3b5d4985c8577ce5160b146d1385a7bf2db5c58fe5e235f80bcbada8e517590b944b589fe811613169426374015f79

  • SSDEEP

    3072:VuFG7Z9+FbSVx/BecODps2zBz65/M6If+3Js+3JFkKeTnQ:B7Z9ObSxpeJu2zxBt25

Score
10/10

Malware Config

Extracted

Family

xworm

C2

45.88.91.55:8893

Attributes

  • Install_directory

    %ProgramData%

  • install_file

    sys-32.exe

Targets

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

    • Xworm family

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
