Overview

overview

10

Static

static

3

713a9ec5fe...e5.exe

windows7-x64

10

713a9ec5fe...e5.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    713a9ec5fe2a81686942a159c168027da5910e72fd52d914cf8e6fc0a2cdb0e5.exe

  • Size

    394KB

  • Sample

    250305-demb7awxgw

  • MD5

    9daf267f412e5c38116989762a9cf145

  • SHA1

    809fad1c6bf61546ea05188dfedbde4bad0f98a1

  • SHA256

    713a9ec5fe2a81686942a159c168027da5910e72fd52d914cf8e6fc0a2cdb0e5

  • SHA512

    0115e5c5cfa324615fba5dbc4b9f3c915195f26bfdc1598ebf1bd3291582410f7cee46d2296d34165e9115b4cafcd74e2e88eca55cbdb8a8009901b9d8ffd88b

  • SSDEEP

    12288:TxjwN1WoADQEwTKOZ2+i/qW83wfeuLhDhyO6T1GdcdcgL5i:d

Score
10/10
xwormdiscoveryrattrojan

Malware Config

Extracted

Family

xworm

Version

5.0

C2

92.255.57.221:4414

aes.plain

Targets

    • Target

      713a9ec5fe2a81686942a159c168027da5910e72fd52d914cf8e6fc0a2cdb0e5.exe

    • Size

      394KB

    • MD5

      9daf267f412e5c38116989762a9cf145

    • SHA1

      809fad1c6bf61546ea05188dfedbde4bad0f98a1

    • SHA256

      713a9ec5fe2a81686942a159c168027da5910e72fd52d914cf8e6fc0a2cdb0e5

    • SHA512

      0115e5c5cfa324615fba5dbc4b9f3c915195f26bfdc1598ebf1bd3291582410f7cee46d2296d34165e9115b4cafcd74e2e88eca55cbdb8a8009901b9d8ffd88b

    • SSDEEP

      12288:TxjwN1WoADQEwTKOZ2+i/qW83wfeuLhDhyO6T1GdcdcgL5i:d

    Score
    10/10
    xwormdiscoveryrattrojan

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

      trojanratxworm

    • Xworm family

      xworm

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks