Overview

overview

10

Static

static

10

VMXModMenu.exe

windows7-x64

10

VMXModMenu.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    VMXModMenu.exe

  • Size

    101KB

  • Sample

    250307-cq3ymsstdt

  • MD5

    b2ed14da26475b542695dfeb44683e6b

  • SHA1

    36fdcf814f1ab5ce4b563c9de97fe16c0c015dfc

  • SHA256

    b9533e27109f91d578d381dc1997cc9301f5f8e5625c83b6430182a61e38ece1

  • SHA512

    e7a5892ab83a8c9540073575f39d7f968996d7c5e93b7ae2421a9be7ea10a40ca719fabc4532b8bc065c71b9fb890b3965f8b2ef5b0528ae53f607e6d0379737

  • SSDEEP

    768:R+SEjnwCkJjukg+4s/hrwWFyz9FE6OjhDQMQJGQAsGkK23u:RSja6u40J/FC9FE6Oj3fQAsGkK23u

Score
10/10
xwormrattrojan

Malware Config

Extracted

Family

xworm

Version

5.0

Mutex

cGDrirmzU5eLYUoi

Attributes
  • Install_directory

    %AppData%

  • install_file

    RobloxGraphics.exe

  • pastebin_url

    https://pastebin.com/raw/ZdGpTLd0

aes.plain

Targets

    • Target

      VMXModMenu.exe

    • Size

      101KB

    • MD5

      b2ed14da26475b542695dfeb44683e6b

    • SHA1

      36fdcf814f1ab5ce4b563c9de97fe16c0c015dfc

    • SHA256

      b9533e27109f91d578d381dc1997cc9301f5f8e5625c83b6430182a61e38ece1

    • SHA512

      e7a5892ab83a8c9540073575f39d7f968996d7c5e93b7ae2421a9be7ea10a40ca719fabc4532b8bc065c71b9fb890b3965f8b2ef5b0528ae53f607e6d0379737

    • SSDEEP

      768:R+SEjnwCkJjukg+4s/hrwWFyz9FE6OjhDQMQJGQAsGkK23u:RSja6u40J/FC9FE6Oj3fQAsGkK23u

    Score
    10/10
    xwormrattrojan

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

      trojanratxworm

    • Xworm family

      xworm

    • Drops startup file

    • Legitimate hosting services abused for malware hosting/C2

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks