Overview

overview

10

Static

static

10

c8edfd1ffc...bb.exe

windows7-x64

10

c8edfd1ffc...bb.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    c8edfd1ffcd25a1f8c14e01f6057770162195f9ae5e502bab274569a412c0ebb.exe

  • Size

    200KB

  • Sample

    240630-br6kgsvelq

  • MD5

    c6107dbd486b08126c43455536ca3478

  • SHA1

    d665a8a53a8d1025b4e5b302b8233f3dbac4c0b5

  • SHA256

    c8edfd1ffcd25a1f8c14e01f6057770162195f9ae5e502bab274569a412c0ebb

  • SHA512

    de03e349bb602e371a4c1bc719f3725b4abe11aba794fea429f581415cf5f2f200a19617bbb6187185e082c1128d15023ab8f128c105294389a94224d6f27a5b

  • SSDEEP

    3072:xo5a6HFf9FHOj88SKfbzxcwg7es6/Vsb8VKTup49oJMfF/H9N3Ky9NzLng:xotlf9FUhcX7elbKTuq9bfF/H9d9n

Score
10/10
xwormrattrojan

Malware Config

Extracted

Family

xworm

Version

5.0

C2

modern-educators.gl.at.ply.gg:23695

Mutex

Lql6KKIPQPafk0YV

Attributes
  • Install_directory

    %AppData%

  • install_file

    XClient.exe

aes.plain

Targets

    • Target

      c8edfd1ffcd25a1f8c14e01f6057770162195f9ae5e502bab274569a412c0ebb.exe

    • Size

      200KB

    • MD5

      c6107dbd486b08126c43455536ca3478

    • SHA1

      d665a8a53a8d1025b4e5b302b8233f3dbac4c0b5

    • SHA256

      c8edfd1ffcd25a1f8c14e01f6057770162195f9ae5e502bab274569a412c0ebb

    • SHA512

      de03e349bb602e371a4c1bc719f3725b4abe11aba794fea429f581415cf5f2f200a19617bbb6187185e082c1128d15023ab8f128c105294389a94224d6f27a5b

    • SSDEEP

      3072:xo5a6HFf9FHOj88SKfbzxcwg7es6/Vsb8VKTup49oJMfF/H9N3Ky9NzLng:xotlf9FUhcX7elbKTuq9bfF/H9d9n

    Score
    10/10
    xwormrattrojan

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

      trojanratxworm

    • Detects Windows executables referencing non-Windows User-Agents

    • Drops startup file

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Tasks