General

  • Target

    2024-06-28_cf237eeab248f01b9615211042857f7f_hiddentear

  • Size

    157KB

  • Sample

    240629-affdgsyglk

  • MD5

    cf237eeab248f01b9615211042857f7f

  • SHA1

    d68972d8ef6f7e7394771eda9d72e4e47e4bbe52

  • SHA256

    64ba60e41476d524ebb49d62de95e2b4bc19d7cfdedbc17048a5113efcdf36f6

  • SHA512

    5a3f9d0acccd7ef46e55b3d86b81213db0af014b34d6611388d87b5f0147f01d884a5e929ef19a179eaffd18b20e9913b49b560fdba63023f955510fc204c4fc

  • SSDEEP

    3072:8K62ZVTj+bw1nSBOJCM+lmsolAIrRuw+mqv9j1MWLQR:mbInV+lDAA

Score
10/10

Malware Config

Extracted

Family

xworm

C2

westxw.duckdns.org:1604

Attributes

  • Install_directory

    %AppData%

  • install_file

    dekont.exe

Targets

    • Target

      2024-06-28_cf237eeab248f01b9615211042857f7f_hiddentear

    • Size

      157KB

    • MD5

      cf237eeab248f01b9615211042857f7f

    • SHA1

      d68972d8ef6f7e7394771eda9d72e4e47e4bbe52

    • SHA256

      64ba60e41476d524ebb49d62de95e2b4bc19d7cfdedbc17048a5113efcdf36f6

    • SHA512

      5a3f9d0acccd7ef46e55b3d86b81213db0af014b34d6611388d87b5f0147f01d884a5e929ef19a179eaffd18b20e9913b49b560fdba63023f955510fc204c4fc

    • SSDEEP

      3072:8K62ZVTj+bw1nSBOJCM+lmsolAIrRuw+mqv9j1MWLQR:mbInV+lDAA

    Score
    10/10

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

    • Detects Windows executables referencing non-Windows User-Agents

    • Drops startup file

MITRE ATT&CK Matrix (ATT&CK v13)

Tasks