Overview

overview

10

Static

static

3

2663738939...62.exe

windows7-x64

3

2663738939...62.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    07032025_0124_2663738939987542452672728827262.exe.iso

  • Size

    158KB

  • Sample

    250307-bytjha1xev

  • MD5

    5bb644b98a1defeddd5b3b812d799d95

  • SHA1

    292deaca045e4400cdd31a9594b87e8fa848907c

  • SHA256

    2d749ee267f200f0d8baf0486fc5079d0f502d2e9c2978e58781fa88bed5fdac

  • SHA512

    0c86122ad77d72494b712e2a76ac065d38934c6ea8874433b54159afd43f7a3f5795c84f63024988d4bd7fb3dda1a05d6448bb4ae9f4ed3ad1bf1a3c7a4c92fc

  • SSDEEP

    3072:iZq6LHp8plAKG/el4ZneM+3M+pRW6Ql8/e:YPHgyKGhZeM+3M+y8

Score
10/10
xwormdiscoveryrattrojan

Malware Config

Targets

    • Target

      2663738939987542452672728827262.exe

    • Size

      108KB

    • MD5

      38dadd03bc276632796f2d3a637c8a07

    • SHA1

      d057d734977b77ac1879d0a4ae9c82eb86c706ff

    • SHA256

      f5f2f8272a0c271071fcbcb6a8c50503ff8fc6d1f26ac717ddf8563ad3ffb57f

    • SHA512

      a71805792b49b363d8e3e5bfe930c2cdf502ad8f2dbf25e8054ba4b21b21324db41d39fb4fb3585a0aa4337693bd679881d6181046c29ab7de4652cc33b0283b

    • SSDEEP

      3072:4Zq6LHp8plAKG/el4ZneM+3M+pRW6Ql8/e:yPHgyKGhZeM+3M+y8

    Score
    10/10
    discoveryxwormrattrojan

    • Detect Xworm Payload

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Xworm

      Xworm is a remote access trojan written in C#.

      trojanratxworm

    • Xworm family

      xworm

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks