Overview

overview

10

Static

static

10

2ed5096b88...b5.exe

windows7-x64

10

2ed5096b88...b5.exe

windows10-2004-x64

10

2ee9655c23...67.exe

windows7-x64

10

2ee9655c23...67.exe

windows10-2004-x64

10

2eff63cdfb...1a.exe

windows7-x64

10

2eff63cdfb...1a.exe

windows10-2004-x64

10

2f148dd5c5...0b.exe

windows7-x64

10

2f148dd5c5...0b.exe

windows10-2004-x64

10

2f20805841...4a.exe

windows7-x64

10

2f20805841...4a.exe

windows10-2004-x64

10

2f3c6dcb67...d1.exe

windows7-x64

3

2f3c6dcb67...d1.exe

windows10-2004-x64

3

2f3ef255d9...18.exe

windows7-x64

8

2f3ef255d9...18.exe

windows10-2004-x64

8

2f51ba1ede...be.exe

windows7-x64

10

2f51ba1ede...be.exe

windows10-2004-x64

10

2f61e23326...8e.exe

windows7-x64

10

2f61e23326...8e.exe

windows10-2004-x64

10

2f8f60984e...42.exe

windows7-x64

10

2f8f60984e...42.exe

windows10-2004-x64

10

2faeca4666...e9.exe

windows7-x64

10

2faeca4666...e9.exe

windows10-2004-x64

10

2fd4eb3e27...82.exe

windows7-x64

10

2fd4eb3e27...82.exe

windows10-2004-x64

10

2fde7f3ffb...c6.exe

windows7-x64

10

2fde7f3ffb...c6.exe

windows10-2004-x64

10

30143fedf8...ac.exe

windows7-x64

10

30143fedf8...ac.exe

windows10-2004-x64

10

301cceb8e4...db.exe

windows7-x64

10

301cceb8e4...db.exe

windows10-2004-x64

10

3020571d24...5f.exe

windows7-x64

10

3020571d24...5f.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    126s
  • max time network
    156s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20250314-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
  • submitted
    22/03/2025, 06:09

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2ee9655c23e38841be4731180b89a967.exe

  • Size

    68KB

  • MD5

    2ee9655c23e38841be4731180b89a967

  • SHA1

    092f21246d35e965195a1fc24a78f92c0173d79d

  • SHA256

    73b62e276faa18be5bb73c9f26ba43c6dd456cf6999db0f995c06f9041c4bf83

  • SHA512

    2555327bdeeb5e2de612862bd9c3dfbc5cce7fed9f1abbfe577549bcfacfb6efbc8f92df23d6f87058a2f5e14eb4b9cc3f329a8fc6bfb80ceb0099139c0f3a0c

  • SSDEEP

    1536:qpNdh5WbHFnvL1FJOOmbk4G6Z5ax4J2/N6VHdyiJUkObc9J:qjdzOnvLzJtmbk/Y5a+vH/JUkObc9J

Score
10/10
xwormrattrojan

Malware Config

Extracted

Family

xworm

C2

activity-majority.gl.at.ply.gg:44249

Attributes
  • Install_directory

    %Public%

  • install_file

    Runtime Broker.exe

  • telegram

    https://api.telegram.org/bot7657358333:AAGqjkQn3Y1tidi4Fg35oc8a1cgXRB-oI2U/sendMessage?chat_id=5998738333

Signatures

  • Detect Xworm Payload 1 IoCs
  • Xworm

    Xworm is a remote access trojan written in C#.

    trojanratxworm
  • Xworm family
    xworm
  • Looks up external IP address via web service 1 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2ee9655c23e38841be4731180b89a967.exe
    "C:\Users\Admin\AppData\Local\Temp\2ee9655c23e38841be4731180b89a967.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:3344

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/3344-0-0x00007FFE5C3B3000-0x00007FFE5C3B5000-memory.dmp

    Filesize

    8KB

    Download

  • memory/3344-1-0x0000000000E50000-0x0000000000E68000-memory.dmp

    Filesize

    96KB

    Download

  • memory/3344-2-0x00007FFE5C3B0000-0x00007FFE5CE71000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/3344-3-0x00007FFE5C3B0000-0x00007FFE5CE71000-memory.dmp

    Filesize

    10.8MB

    Download