General

  • Target

    5f5892f48081e818d311ae3c472e7993c5ef5753fd2c1febbdb57700dd494656.exe

  • Size

    75KB

  • Sample

    250305-c93rzswwcy

  • MD5

    916c0c3dbd869182265f56753c2275e7

  • SHA1

    8ea67747634878f320d30c47ccadf315f964ced3

  • SHA256

    5f5892f48081e818d311ae3c472e7993c5ef5753fd2c1febbdb57700dd494656

  • SHA512

    5540c158270136d5a2c3981461ee2573f26121a6ac9971e90892b95c16d40cd4fe895a4bc8d06c6ffbbe879d0a772409f35d7a2bc0531531566cf5b59aeb53a5

  • SSDEEP

    1536:uhpLWjPWqMwkgtiSAbH2y65v5SHN5uO2Yzp4mgm:+kdxAbH215xSmO2Yzp6m

Score
10/10

Malware Config

Extracted

Family

xworm

C2

147.185.221.22:47930

127.0.0.1:47930

Attributes
  • Install_directory

    %AppData%

  • install_file

    Runtime Broker.exe

Targets

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

    • Xworm family

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
