Overview

overview

10

Static

static

10

xworm.exe

windows7-x64

10

xworm.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    xworm.exe

  • Size

    36KB

  • Sample

    250307-gfaasswkt6

  • MD5

    b3a89b0bf85bda317f428c807637f9d5

  • SHA1

    99c5f8b888cd29574173ae0f03f6aeebac3ab2e1

  • SHA256

    ddfc9420dd7d61ff16c24433bb7bc678301f8fae7842fd1298e3851fd04a912e

  • SHA512

    88781bbbfc8e26b61911b47e1b00e03a0cede98f4fe9e77c6ac016e19a7c1c8c5dfe2d0ab6071617b1d5de99cf73fe35be955a83e182f6c7e501906481f1a321

  • SSDEEP

    384:fFqouAgAkffHnjuNWoAgLWanS3FLZcWzWCu280wpkFMAfNLT2OZwxcV2v99IkHEy:dzuAinEWaRC4QFm9YtzOMhLkGa

Score
10/10
xwormrattrojan

Malware Config

Extracted

Family

xworm

Version

5.0

Mutex

yXBbU38gyKosDR5d

Attributes
  • install_file

    USB.exe

  • pastebin_url

    https://pastebin.com/raw/CKHqQFk6

aes.plain

Targets

    • Target

      xworm.exe

    • Size

      36KB

    • MD5

      b3a89b0bf85bda317f428c807637f9d5

    • SHA1

      99c5f8b888cd29574173ae0f03f6aeebac3ab2e1

    • SHA256

      ddfc9420dd7d61ff16c24433bb7bc678301f8fae7842fd1298e3851fd04a912e

    • SHA512

      88781bbbfc8e26b61911b47e1b00e03a0cede98f4fe9e77c6ac016e19a7c1c8c5dfe2d0ab6071617b1d5de99cf73fe35be955a83e182f6c7e501906481f1a321

    • SSDEEP

      384:fFqouAgAkffHnjuNWoAgLWanS3FLZcWzWCu280wpkFMAfNLT2OZwxcV2v99IkHEy:dzuAinEWaRC4QFm9YtzOMhLkGa

    Score
    10/10
    xwormrattrojan

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

      trojanratxworm

    • Xworm family

      xworm

    • Legitimate hosting services abused for malware hosting/C2

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks