Overview

overview

10

Static

static

10

AyuGram.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    AyuGram.exe

  • Size

    41KB

  • Sample

    250306-pvhvgsyrx3

  • MD5

    78e28fd861f6639f530b75078074e29a

  • SHA1

    c02da865dc5af2d7d70909f536595cb905b4c0af

  • SHA256

    92b5d7c61acf1cb06fc46a23f928551ef1456fefb543bb7d6b928b986fea4251

  • SHA512

    276e3a174b0c2aaa7557765f22fd1fd4ace70aa29cbffa79121584ec5c7747921ae500095463ae1975824a504c01543e73bf53182a8cdefa7261080b2efec0d1

  • SSDEEP

    768:k8hOzqVhNY8HgbAvrSH7tF5Pa9quuOOwh03/mXO:kerTHCAv6xF49qPOOwi+XO

Score
10/10
xwormrattrojan

Malware Config

Extracted

Family

xworm

Version

5.0

C2

needed-below.gl.at.ply.gg:8496

restaurant-volunteer.gl.at.ply.gg:8496

127.0.0.1:8496

147.185.221.26:8496

contains-player.gl.at.ply.gg:8496
Mutex

SxCIX01GGSj4AMkg

Attributes
  • Install_directory

    %AppData%

  • install_file

    rustneats.exe

aes.plain

Targets

    • Target

      AyuGram.exe

    • Size

      41KB

    • MD5

      78e28fd861f6639f530b75078074e29a

    • SHA1

      c02da865dc5af2d7d70909f536595cb905b4c0af

    • SHA256

      92b5d7c61acf1cb06fc46a23f928551ef1456fefb543bb7d6b928b986fea4251

    • SHA512

      276e3a174b0c2aaa7557765f22fd1fd4ace70aa29cbffa79121584ec5c7747921ae500095463ae1975824a504c01543e73bf53182a8cdefa7261080b2efec0d1

    • SSDEEP

      768:k8hOzqVhNY8HgbAvrSH7tF5Pa9quuOOwh03/mXO:kerTHCAv6xF49qPOOwi+XO

    Score
    10/10
    xwormrattrojan

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

      trojanratxworm

    • Xworm family

      xworm

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    behavioral1

MITRE ATT&CK Enterprise v15

Tasks