Overview

overview

10

Static

static

3

x433.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    7s
  • max time network
    10s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    30-06-2024 13:26

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    x433.exe

  • Size

    762KB

  • MD5

    148ec472df90b0fb274c3ce2ad2e811f

  • SHA1

    378ba02b08494b36ff5a2674cf99eba6c7025d6a

  • SHA256

    a08b846be9052a2614ef6a6920260d465774f5da9926f6d08449a2e4eb27b787

  • SHA512

    ab6764b598d538bc726a1e0baf02c8c4a2ccdedf77ff6b3ee63d1e27c0a05e13423142b86f38afbd9462c0d90b5c3a9963a30e110145aca455ffa5403375c5b1

  • SSDEEP

    12288:0sjApTtnb0TbQxMM90CL7VmADH2eJGCOTJfVXwAfIXZqPtbxZWdezgrrNo02UBYW:djuTt4TbQRjDH2eJQTNqcWOVZK1y02UH

Score
10/10
xwormrattrojan

Malware Config

Extracted

Family

xworm

C2

session-chief.gl.at.ply.gg:36125

Attributes
  • Install_directory

    %LocalAppData%

  • install_file

    x4usb.exe

Signatures

  • Detect Xworm Payload 2 IoCs
  • Xworm

    Xworm is a remote access trojan written in C#.

    trojanratxworm

Processes

  • C:\Users\Admin\AppData\Local\Temp\x433.exe
    "C:\Users\Admin\AppData\Local\Temp\x433.exe"
    1⤵
      PID:3488
      • C:\Users\Admin\AppData\Local\Temp\x4Shellcode.exe
        "C:\Users\Admin\AppData\Local\Temp\x4Shellcode.exe"
        2⤵
          PID:4720
        • C:\Users\Admin\AppData\Local\Temp\x4host.exe
          "C:\Users\Admin\AppData\Local\Temp\x4host.exe"
          2⤵
            PID:4632

        Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\x4Shellcode.exe
          Filesize

          41KB

          MD5

          0a2603cdef8d5087f870c43d7e3d727e

          SHA1

          d34e75abd217723bec38766b2ec6170b27648f0a

          SHA256

          058e1fad13b3fa9c451fca2f9c4d1047540550c48da20ff1c713c7d59083d175

          SHA512

          5bb8eeadd575de88227e48b8676e61aff7928a8ac70bc770073df042f28a82f87d5018f7eb0ca8e0c868e856495fdaae48e14251925877df46d4af244536b842

          Download Submit
        • C:\Users\Admin\AppData\Local\Temp\x4Shellcode.exe
          Filesize

          114KB

          MD5

          c4ab0e4e75d51ce85f8ea44e439b86e5

          SHA1

          56e8a2467ed5f9c692d9a79b7cbaff62054dbe83

          SHA256

          22f147ececf5629354345064a423217c1ddb42270053042bf4cf7fd7ab43e1a7

          SHA512

          b2d0bffd8fca2960b4896cf36d0b2a147c4c51812e61caf156258b53ab0a9cb63016a99cc2e11d1acb9773ba7de9a8c7ba8df92f168caf3b63a36e879c688998

          Download Submit
        • C:\Users\Admin\AppData\Local\Temp\x4Shellcode.exe
          Filesize

          78KB

          MD5

          8c48c5f55823db19c4fff72d9f51faf2

          SHA1

          0910277b4c419ace573407a36dad99ad3b89f787

          SHA256

          8114dc7ad3590e6eb35e7c6481c8497d87cf0ce25b3f1eb35ad4d5bbe5d25c40

          SHA512

          4effc4db8cb095909a89409d4f69635417f631ee82a5aad95bf6a3e2b8d44212c0d5848bf45dabc8ca74556ec49a5218203cec3bdea4417c434d8402a5100139

          Download Submit
        • C:\Users\Admin\AppData\Local\Temp\x4host.exe
          Filesize

          68KB

          MD5

          fd744070409a72b86cc2b344d1719b33

          SHA1

          d58ded881812057a3b51e6f753ffbfe243af112e

          SHA256

          d2fd71588dd2d33c5ad58c1a5382de38227ad86092cae7401ee95c7701282730

          SHA512

          8ebde5880105f2831377c26800fdd2b482bd2fdfc5c5539ce0901828d78bd1d2475474cc5859e3a0f92a305a21bd3c1c98834e1746402d708e84622e088717d9

          Download Submit
        • memory/3488-0-0x00007FFAE3683000-0x00007FFAE3685000-memory.dmp
          Filesize

          8KB

          Download
        • memory/3488-1-0x0000000000440000-0x0000000000504000-memory.dmp
          Filesize

          784KB

          Download
        • memory/3488-5-0x00007FFAE3680000-0x00007FFAE4141000-memory.dmp
          Filesize

          10.8MB

          Download
        • memory/3488-23-0x00007FFAE3680000-0x00007FFAE4141000-memory.dmp
          Filesize

          10.8MB

          Download
        • memory/4632-24-0x00000000005B0000-0x00000000005C8000-memory.dmp
          Filesize

          96KB

          Download
        • memory/4632-25-0x00007FFAE3680000-0x00007FFAE4141000-memory.dmp
          Filesize

          10.8MB

          Download
        • memory/4720-13-0x0000000000400000-0x00000000004B9000-memory.dmp
          Filesize

          740KB

          Download
        • memory/4720-28-0x00000000026E0000-0x0000000002747000-memory.dmp
          Filesize

          412KB

          Download