General

  • Target: RealtekAudioDriverInstall.exe

  • Size: 40KB

  • Sample: 250307-zab7bawpw9

  • MD5: 54a6f585c5d3483cb50a4ba17be5ec28

  • SHA1: 8226aea9e79c7c82c96536c73db3a09869114230

  • SHA256: 73a815655d2337bdf8990075d452ca008b38a0ab318a396ec9f3dc760f7c4d1d

  • SHA512: 2b6a2bb52065de1f0c71046c854dbabe2f3b60cf34a06970f962d3359bdbade8eb2fcaf644516eda8d7932ea272c913c04d737cd375a85cd6bac1a7da79a56fd

  • SSDEEP: 768:I02yvdzR7qsnAmJRXF425tF5PT95a8bOMhl3Ep:IgR2qAmJ1F42LFx95aGOM7m

Score
10/10

Malware Config

Extracted

  • Family: xworm

  • Version: 5.0

  • C2: 24.243.20.84:7000

  • Mutex: Tw3DcWk3xR894OD7

Attributes

  • Install_directory: %AppData%

  • install_file: Realtek Audio Driver.exe

aes.plain

Targets

    • Detect Xworm Payload

    • Xworm: Xworm is a remote access trojan written in C#.

    • Xworm family

    • Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
