General

  • Target: invoice.exe
  • Size: 2.3MB
  • Sample: 240629-3c4wwsygqb
  • MD5: 5bc392a75e9f0c3b36f344096f0183cc
  • SHA1: a2f48b659efa913e5ed17d1621f517c21a9305a6
  • SHA256: 81513a82573e2a72bf3b56b6b309ea2f73716f602e1f00d0ee957abd3408b6a3
  • SHA512: f9224d1f9818b2a4c93276467719e535f3f66c5f4a9d6f2287669307ecb276dfb9f202007cd9c801a0ea1ef63630eac4ca03ce9de4aab6086b9d941e54c017eb
  • SSDEEP: 12288:z5DIexdM4iE+o+OKtDY2z1ZWtpMo4mSUvIZAg+GSsgHU:1DIexgo+OKtDYq12MqSUv8Ag+tY

Score: 10/10

Malware Config

Extracted

  • Family: xworm
  • Version: 5.0
  • C2
      • 127.0.0.1:7733
      • 104.161.80.204:7733
  • Mutex: R4c17KU2odlSGK04
  • Attributes
      • Install_directory: %AppData%
      • install_file: System.exe
  • aes.plain

Targets

    • Target: invoice.exe


    Score: 10/10

    • Detect Xworm Payload
    • Xworm: Xworm is a remote access trojan written in C#.
    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks