xworm | e0eecf20dadcdb759dd3bcb79a05a202bf6308df38e3724cba1ba009ca31d03b | Triage

Submit
Reports

Overview

overview

Static

static

5

5d1c2ac36c...59.exe

windows7-x64

5d1c2ac36c...59.exe

windows10-2004-x64

Sharing

General

Target

437ab2592608e8c710d9165cff2bacae.bin
Size

529KB
Sample

240701-b5jmwawbkr
MD5

fa75a349a37bee4f8b21c4e994ebfa4f
SHA1

d2c4eccf83c41c9c9281054860e5fe2f3e1c4f34
SHA256

e0eecf20dadcdb759dd3bcb79a05a202bf6308df38e3724cba1ba009ca31d03b
SHA512

c754015d57383fd6ab7e84c65542ba970e7bfff422432f8b0c681aa2fa184fdd878b6fd38a7387edfb99d2beff0d0cafee51e382829cec8beb9aa585d4f044d1
SSDEEP

12288:0CdLdBWuKPbd7nNcbOUutpS2yHOyBDb62Lztvwlr+:0mh8uK4IS2y5LLztIlr+

Score

10^/10

xworm rat trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

5d1c2ac36ca274835d9025eb9e3f7a113cf57509898e02cb9add7a97824cea59.exe

Resource

win7-20240508-en

xworm rat trojan

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

5d1c2ac36ca274835d9025eb9e3f7a113cf57509898e02cb9add7a97824cea59.exe

Resource

win10v2004-20240508-en

xworm rat trojan

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Extracted

Family

xworm

C2

127.0.0.1:2887

mynegatobenna.ddns.net:2887

Attributes

install_file
USB.exe

Targets

- Target
  
  5d1c2ac36ca274835d9025eb9e3f7a113cf57509898e02cb9add7a97824cea59.exe
- Size
  
  967KB
- MD5
  
  437ab2592608e8c710d9165cff2bacae
- SHA1
  
  935c5fe81f335ec3132c79b9f8e1e21c242a235d
- SHA256
  
  5d1c2ac36ca274835d9025eb9e3f7a113cf57509898e02cb9add7a97824cea59
- SHA512
  
  4b4b0720428d184b1f6628227ce739c4b9bbdf91ee381893f8bdc295b83a7952c9bf371ab8a96f09e269b62a0358967ce3354e82a7523b1be86df5dab8b8d900
- SSDEEP
  
  24576:SAHnh+eWsN3skA4RV1Hom2KXMmHageJJaYFp2x5:Vh+ZkldoPK8YageJAYY
Score

10^/10

xworm rat trojan
- Detect Xworm Payload
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

© 2018-2024

Terms | Privacy