xworm | d3560973cf6d7a1faea04ff7aaabc5fac5c8e2c7d5aacbd2fae8423f118ad1ba | Triage

Sharing

General

Target

1220.exe
Size

287KB
Sample

230327-f5z23sdh5t
MD5

c9ca161c6fe1c897fe79456bced7385a
SHA1

2ed335957b7ae95fcdb9b580b77069d02a7bdd55
SHA256

d3560973cf6d7a1faea04ff7aaabc5fac5c8e2c7d5aacbd2fae8423f118ad1ba
SHA512

9e03cf95d18e885bc49d3143e90a55a8547dae4f991d44103c35abb299a24b0c164409ab33069df94783f0bff769a19b58eb453231d3c53817840c44b424eaa2
SSDEEP

3072:u+SRE3U354nnJDeWmlaiaozyBRIQQ2PIbBtelpGp6ClHtVWp4+f8MMMMMMMMMMQO:25MJ6zVtWIQQ2emI6ClHtVWpaV

Score

10^/10

xworm rat trojan

Malware Config

Extracted

Family

xworm

C2

johnnew12.duckdns.org:7000

Mutex

NMFvSsFfSThofIzP

Attributes

install_file
USB.exe

aes.plain

Targets

- Target
  
  1220.exe
- Size
  
  287KB
- MD5
  
  c9ca161c6fe1c897fe79456bced7385a
- SHA1
  
  2ed335957b7ae95fcdb9b580b77069d02a7bdd55
- SHA256
  
  d3560973cf6d7a1faea04ff7aaabc5fac5c8e2c7d5aacbd2fae8423f118ad1ba
- SHA512
  
  9e03cf95d18e885bc49d3143e90a55a8547dae4f991d44103c35abb299a24b0c164409ab33069df94783f0bff769a19b58eb453231d3c53817840c44b424eaa2
- SSDEEP
  
  3072:u+SRE3U354nnJDeWmlaiaozyBRIQQ2PIbBtelpGp6ClHtVWp4+f8MMMMMMMMMMQO:25MJ6zVtWIQQ2emI6ClHtVWpaV
Score

10^/10

xworm rat trojan
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- Executes dropped EXE
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2