General

  • Target

    VenomRATHVNCStealerGrabber.exe

  • Size

    14.1MB

  • Sample

    250702-x6t1wsgk4w

  • MD5

    b77382293386221aad5e4b668dd7fab9

  • SHA1

    a073fae22d21cd8998f2f885adc716b216c7a5a2

  • SHA256

    2c19ea543b98f4a8f690ce005a9e5e978d78f4234e9dc5e9d345b942ab1ca675

  • SHA512

    0812a12dd6449565a5311829bb12c15dca3f0060f89c4eafdbb11af73d6d6ee0367d783a2b3635537da5197960a4183d44941ebb7cfb273c13fac760cebc7904

  • SSDEEP

    1536:zgUfn+DhaKa72NY+Em5NFV96QH6TOzmoTS33yPR:z1f+c9kYzoFV96bOz5e33yPR

Score
10/10

Malware Config

Extracted

  • Family

    xworm

  • Version

    5.0

  • C2

    testarosa.duckdns.org:7116

  • Mutex

    Psgg9heSuYkiXVnu

  • Attributes

    • Install_directory

      %ProgramData%

    • install_file

      WindowsDefender.exe

  • aes.plain

Targets

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

    • Xworm family

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
