Overview

overview

10

Static

static

3

Compiler.exe

windows7-x64

10

Compiler.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Compiler.exe

  • Size

    84KB

  • Sample

    250303-jzt6essvdx

  • MD5

    106079faae035b4188595aa4aaa8b4d5

  • SHA1

    e0b5ac10283087a478643caf09fc8d536f9ef0c0

  • SHA256

    56b50264096dd509eefe770f619629b7ddfb45f8040c0e311670eba3235e46bf

  • SHA512

    134a392c301a1f67130c39a74a2aadaaca505d6d2a984d56cf8cd64712add7b2877a54a379c195be08b5c5f4c94562a724519e5744cedd80ef3bc4db09a42694

  • SSDEEP

    1536:jM3USZ+SBzXAsim+fLV7H2XeTlRsc2O1pU7RTafZycZO1783G6+euQ/Z:jiUyzXnoB7HueTlec1U7wfZyckOt+yZ

Score
10/10
xwormrattrojan

Malware Config

Extracted

Family

xworm

Version

3.1

C2

197.48.109.181:8080

Attributes
  • Install_directory

    %AppData%

  • install_file

    Disk Driver.exe

Targets

    • Target

      Compiler.exe

    • Size

      84KB

    • MD5

      106079faae035b4188595aa4aaa8b4d5

    • SHA1

      e0b5ac10283087a478643caf09fc8d536f9ef0c0

    • SHA256

      56b50264096dd509eefe770f619629b7ddfb45f8040c0e311670eba3235e46bf

    • SHA512

      134a392c301a1f67130c39a74a2aadaaca505d6d2a984d56cf8cd64712add7b2877a54a379c195be08b5c5f4c94562a724519e5744cedd80ef3bc4db09a42694

    • SSDEEP

      1536:jM3USZ+SBzXAsim+fLV7H2XeTlRsc2O1pU7RTafZycZO1783G6+euQ/Z:jiUyzXnoB7HueTlec1U7wfZyckOt+yZ

    Score
    10/10
    xwormrattrojan

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

      trojanratxworm

    • Xworm family

      xworm

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks