General

  • Target

    BootstrapperNew.exe

  • Size

    3.0MB

  • Sample

    250305-bfvnvatzdy

  • MD5

    3b348b19ea1e626dfe9cecbc3ef467d9

  • SHA1

    526f475b3beafc6b9d198b66b41a1d6c3376cf93

  • SHA256

    13d986aa31c6fc9a511ac47758ef1d0af04337ba6f9a040db11044df63c4d275

  • SHA512

    ac308b05fa50a0738c18b9158c104348a4bb7fed16bf19d77b8fc6d15da29ff436c6943b6f8f3b53403febb64ecb18d0930b549d90631e04ec514b3ffd7e0ee0

  • SSDEEP

    49152:8BgUnSOVPhshhMmky484rg+oDGLa0eu4IKwqZhczodAk7B:b6SOAhheDDry6a0euNnqvdA

Score
10/10

Malware Config

Extracted

Family

xworm

C2

127.0.0.1:36623

fax-scenarios.gl.at.ply.gg:36623

Attributes

  • Install_directory

    %AppData%

  • install_file

    svchost.exe

Targets

  • Detect Xworm Payload

  • Xworm

    Xworm is a remote access trojan written in C#.

  • Xworm family

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks