General

  • Target

    Output.exe

  • Size

    76KB

  • Sample

    250304-2q8lkatkt3

  • MD5

    3609d5f3be639dfe2c7f3f0e7401b388

  • SHA1

    f6720729a2af46c119922183b1932cff8cb2ff49

  • SHA256

    ef5217e1b0ebd6fc1a8a75de80230998c30f810be4b594ddc711a587c34e12f7

  • SHA512

    0aeb9abec472926d57e2441885cb88344ab5ff479149695ffc2ff394321b2b35301dd2b786d191fe9b8c67046a63baff46aa5c9a08c8934c0132483f46f99bca

  • SSDEEP

    1536:71DLyqLA3qC85n5kuObTDLyqIA3qC85n5kuZb72:71DLvLA385n5zO/DLvIA385n5zZe

Score
10/10

Malware Config

Extracted

Family

xworm

Version

5.0

C2

192.168.1.3:9999

Mutex

0x6vtRiVIhgdKOaX

Attributes
  • install_file

    USB.exe

aes.plain

Targets

    • Target

      Output.exe

    Score
    10/10
    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

    • Xworm family

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE
