xworm | 9668fa123ac5d63243a973a70418c32c6405b636d54c8705d6656c3be4969ae5 | Triage

Sharing

General

Target

tmp
Size

35KB
Sample

230328-xb3pjsec3y
MD5

aa1ad291d5d8c8a85d67fdebda00274f
SHA1

d95247076cb691c52473fabcce13dcc481ae11aa
SHA256

9668fa123ac5d63243a973a70418c32c6405b636d54c8705d6656c3be4969ae5
SHA512

c00c191f50ce72128d71ee28d06f8800c590e03b0cfde5f8c0c46af6edf51c54bc85cc6bb128f4ce5ff0ae9e533628eabe587e52cd5c1aae12a96ac422d86da4
SSDEEP

384:81ThpqXsIUe603z2hp0JIwkLO41KKuDXzBXslXVf+gtF1BLTiZw/WNnvK9IIku8M:8i2hp0KfObKeYXV/F39efOO9hI3vxME

Score

10^/10

xworm rat trojan

Malware Config

Extracted

Family

xworm

C2

20.56.93.201:1604

Mutex

LsHrpmVtuRP6SOPB

Attributes

install_file
USB.exe

aes.plain

Targets

- Target
  
  tmp
- Size
  
  35KB
- MD5
  
  aa1ad291d5d8c8a85d67fdebda00274f
- SHA1
  
  d95247076cb691c52473fabcce13dcc481ae11aa
- SHA256
  
  9668fa123ac5d63243a973a70418c32c6405b636d54c8705d6656c3be4969ae5
- SHA512
  
  c00c191f50ce72128d71ee28d06f8800c590e03b0cfde5f8c0c46af6edf51c54bc85cc6bb128f4ce5ff0ae9e533628eabe587e52cd5c1aae12a96ac422d86da4
- SSDEEP
  
  384:81ThpqXsIUe603z2hp0JIwkLO41KKuDXzBXslXVf+gtF1BLTiZw/WNnvK9IIku8M:8i2hp0KfObKeYXV/F39efOO9hI3vxME
Score

10^/10

xworm rat trojan
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- Drops startup file
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2