General

  • Target

    dc3657abea2cc9c36a8f7a7cf4f61a22ba2172bd1040c229d5b2cdd8af10bff0.exe

  • Size

    64KB

  • Sample

    250307-rdzssa1ry4

  • MD5

    89757ce41562cf1c80dbc27625d64cbb

  • SHA1

    2ba3c337f490e647361869e54116f08aa190a983

  • SHA256

    dc3657abea2cc9c36a8f7a7cf4f61a22ba2172bd1040c229d5b2cdd8af10bff0

  • SHA512

    46f93775279a3408cb005b1fd9a7fc3ef0781e96972795782f3096acb9360a69463152aa715c85fd6fe23eb8c63730c159a79f4d7d403b62364ebf408d0120a3

  • SSDEEP

    768:69s9+6QHH22F+HIGbu3jI0/6PYrB5TH50hf2QojGF2zInyQS+ST6nkC1:Ys9wFN3jIU6PYrB5TKh+9kiInv/mq

Malware Config

Extracted

  • Family

    xworm

  • Version

    5.0

  • C2

    147.124.212.231:6262

  • Mutex

    hvvodBAOHulLeYa8

  • Attributes

    • install_file

      USB.exe

    • aes.plain

Targets

    • Target

      dc3657abea2cc9c36a8f7a7cf4f61a22ba2172bd1040c229d5b2cdd8af10bff0.exe

    • Detect Xworm Payload

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Xworm

      Xworm is a remote access trojan written in C#.

    • Xworm family

    • Drops startup file

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks