Overview

overview

10

Static

static

3

file.exe

windows10-2004-x64

10

file.exe

windows11-21h2-x64

10

Analysis

  • max time kernel
    147s
  • max time network
    154s
  • platform
    windows11-21h2_x64
  • resource
    win11-20250410-en
  • resource tags

    arch:x64arch:x86image:win11-20250410-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    15/04/2025, 16:00

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    file.exe

  • Size

    1.5MB

  • MD5

    331c0633d4eaecd87c39180f7f350769

  • SHA1

    7339299f301e2bf82989029391366da000f53bc6

  • SHA256

    573b6b682ba79aa17aea93a00e8c9f4b3b8d90f177f219682e879bf15c32c55d

  • SHA512

    7edb099b0566bdb365545bf3f5f28e937141eb3eacf33877ee1f2d1aee65fe429a741aba03bbd92d37a1e93ff5f8fe18ea4d53b957abb06e40c598495fcfaec7

  • SSDEEP

    24576:fBGIMKfL6k4fP133M+Rvf9rJ9UpENLKmgUmVGn0LQ:fBGIrfL6kIP133TR39rPUGNLKmegn0L

Score
10/10
latentbotxwormrattrojan

Malware Config

Extracted

Family

xworm

Attributes
  • install_file

    MasonUSB.exe

Extracted

Family

latentbot

C2

cryptoghost.zapto.org

Signatures

  • Detect Xworm Payload 1 IoCs
  • LatentBot

    Modular trojan written in Delphi which has been in-the-wild since 2013.

    trojanlatentbot
  • Latentbot family
    latentbot
  • Xworm

    Xworm is a remote access trojan written in C#.

    trojanratxworm
  • Xworm family
    xworm
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\file.exe
    "C:\Users\Admin\AppData\Local\Temp\file.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:4128

Network

MITRE ATT&CK Enterprise v16

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/4128-0-0x00007FF8FC343000-0x00007FF8FC345000-memory.dmp

    Filesize

    8KB

    Download

  • memory/4128-1-0x0000000000120000-0x000000000029E000-memory.dmp

    Filesize

    1.5MB

    Download

  • memory/4128-3-0x00007FF8FC340000-0x00007FF8FCE02000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/4128-2-0x00000000024E0000-0x00000000024E6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/4128-4-0x000000001AF00000-0x000000001AF12000-memory.dmp

    Filesize

    72KB

    Download

  • memory/4128-5-0x00007FF8FC343000-0x00007FF8FC345000-memory.dmp

    Filesize

    8KB

    Download

  • memory/4128-6-0x00007FF8FC340000-0x00007FF8FCE02000-memory.dmp

    Filesize

    10.8MB

    Download