Overview

overview

10

Static

static

3

2025-04-06...om.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2025-04-06_2d9737b42eac9916ad98a61e743b2983_black-basta_cobalt-strike_satacom

  • Size

    7.6MB

  • Sample

    250406-kgajqsxmx3

  • MD5

    2d9737b42eac9916ad98a61e743b2983

  • SHA1

    5aa9da3245449e53a214028edbed422ed8931b99

  • SHA256

    432fd1fd3ae8bd08b18b3f4e56bdb56aabd2fc66b86d63c16884af2877657799

  • SHA512

    b5c57402a510ba8477c8d4aabfb30358edd1f9455b6d1c479fb9b74be923212d49892b72c5c0b178fce001aeafd151d08f6aabb87cc0ab228965637924b3c426

  • SSDEEP

    98304:aR7WYMfow8QadjAA1h9eT393YigJhH0yqTu/NWPdHddaACTazD4oRrB0rdz4:a4Ym/A1HeT39Iig+c0/aACTUFVu1

Score
10/10
xwormpyinstallerrattrojan

Malware Config

Extracted

Family

xworm

C2

d-flip.gl.at.ply.gg:57966:57966

d-flip.gl.at.ply.gg:57966
Attributes
  • Install_directory

    %Temp%

  • install_file

    XClient.exe

Targets

    • Target

      2025-04-06_2d9737b42eac9916ad98a61e743b2983_black-basta_cobalt-strike_satacom

    • Size

      7.6MB

    • MD5

      2d9737b42eac9916ad98a61e743b2983

    • SHA1

      5aa9da3245449e53a214028edbed422ed8931b99

    • SHA256

      432fd1fd3ae8bd08b18b3f4e56bdb56aabd2fc66b86d63c16884af2877657799

    • SHA512

      b5c57402a510ba8477c8d4aabfb30358edd1f9455b6d1c479fb9b74be923212d49892b72c5c0b178fce001aeafd151d08f6aabb87cc0ab228965637924b3c426

    • SSDEEP

      98304:aR7WYMfow8QadjAA1h9eT393YigJhH0yqTu/NWPdHddaACTazD4oRrB0rdz4:a4Ym/A1HeT39Iig+c0/aACTUFVu1

    Score
    10/10
    xwormrattrojan

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

      trojanratxworm

    • Xworm family

      xworm

    • Executes dropped EXE

    • Loads dropped DLL

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    behavioral1

MITRE ATT&CK Matrix

Tasks