Overview

overview

10

Static

static

10

Boostrapper.exe

windows7-x64

10

Boostrapper.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Boostrapper.exe

  • Size

    41KB

  • Sample

    250307-a64h1a1sdw

  • MD5

    9ac60ca7a5c5b857665cbebc905f4ee2

  • SHA1

    ed1b9591edbc322cb88e3f7ea626ca3741f08e7d

  • SHA256

    13183bf3db29665979577690003bddb8e09bdcd28c5d183ea91e95a63a26015d

  • SHA512

    625704840bba7b756e408a2bca717cd51c0d5ab69a877613dcedbd4ac871b8447b8bd10e515fb5cc295501318d4ac9f1071adba08df710f9018b15b2db45f82b

  • SSDEEP

    768:UBFMiKhUsY5OEGsWyH6pyAuwKFjHvdhtF5PG9+KdOwh53EmXb:n9hikvRyaAAulzvdTFI9+8Owr9Xb

Score
10/10
xwormrattrojan

Malware Config

Extracted

Family

xworm

Version

5.0

C2

20.ip.gl.ply.gg:25905

pics-facial.gl.at.ply.gg:25905
Mutex

x8W4SNblRhaish4q

Attributes
  • Install_directory

    %AppData%

  • install_file

    USB.exe

aes.plain

Targets

    • Target

      Boostrapper.exe

    • Size

      41KB

    • MD5

      9ac60ca7a5c5b857665cbebc905f4ee2

    • SHA1

      ed1b9591edbc322cb88e3f7ea626ca3741f08e7d

    • SHA256

      13183bf3db29665979577690003bddb8e09bdcd28c5d183ea91e95a63a26015d

    • SHA512

      625704840bba7b756e408a2bca717cd51c0d5ab69a877613dcedbd4ac871b8447b8bd10e515fb5cc295501318d4ac9f1071adba08df710f9018b15b2db45f82b

    • SSDEEP

      768:UBFMiKhUsY5OEGsWyH6pyAuwKFjHvdhtF5PG9+KdOwh53EmXb:n9hikvRyaAAulzvdTFI9+8Owr9Xb

    Score
    10/10
    xwormrattrojan

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

      trojanratxworm

    • Xworm family

      xworm

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks