Overview

overview

10

Static

static

3

fg.exe

windows7-x64

10

fg.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    fg.exe

  • Size

    394KB

  • Sample

    250304-s93pzsvkx5

  • MD5

    ff7bdcc4260a35315c5a59f44fc78126

  • SHA1

    8ca1960bdc5cb8f72fa2735bebc49f47676773c8

  • SHA256

    757af13b416594d65a4c99362a537f13dde2a93b61ec8ba0b939c548b8973186

  • SHA512

    27270cb2803fe88acb58976b8ae8daab249a1110cc8bf574c014d1f49fb1d16b9798fd48341662e2fde88a86e1230a1a8ca6da6b04c5ad51add765739d827db7

  • SSDEEP

    3072:c9apijplAUVMpC5ZgEQLmefWXMRVVmLgP:FijplhMiZgEQaefeyV

Score
10/10
xwormdiscoveryrattrojan

Malware Config

Extracted

Family

xworm

Version

5.0

C2

185.7.214.108:4411

185.7.214.54:4411
aes.plain

Targets

    • Target

      fg.exe

    • Size

      394KB

    • MD5

      ff7bdcc4260a35315c5a59f44fc78126

    • SHA1

      8ca1960bdc5cb8f72fa2735bebc49f47676773c8

    • SHA256

      757af13b416594d65a4c99362a537f13dde2a93b61ec8ba0b939c548b8973186

    • SHA512

      27270cb2803fe88acb58976b8ae8daab249a1110cc8bf574c014d1f49fb1d16b9798fd48341662e2fde88a86e1230a1a8ca6da6b04c5ad51add765739d827db7

    • SSDEEP

      3072:c9apijplAUVMpC5ZgEQLmefWXMRVVmLgP:FijplhMiZgEQaefeyV

    Score
    10/10
    xwormdiscoveryrattrojan

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

      trojanratxworm

    • Xworm family

      xworm

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks