xworm | 8eaf8d31a4967e1ca5ff4c53aec64eea3e37a5653a7d65519fa63d88fffd8f88 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

DB4QML3M1.pdf.exe
Size

963KB
Sample

230503-h6pnvadh55
MD5

73b610b98380f3cff26973f8fde96342
SHA1

21b0250e75ef24cf17660339465ef7cd2d61b092
SHA256

8eaf8d31a4967e1ca5ff4c53aec64eea3e37a5653a7d65519fa63d88fffd8f88
SHA512

488e48d43bdf53f78ac576e3252bf2bcc91adc24ce0d2510ecf250a8dde0f35c71617b101edc53232b17fa70bf08b92f84501aaccf537e2c1ddb3f0aaedea362
SSDEEP

12288:EuUNFThRuf3o53Gsp2hXZlh8+s3Dv4alfZqby13caYgd2DToTm:5ULhYf3o5DpYlh8h3T4gcaYgd

Score

10^/10

xworm rat trojan

Malware Config

Extracted

Family

xworm

C2

95.214.27.226:7000

Mutex

snt7zBKkLKuTPgQb

Attributes

install_file
USB.exe

aes.plain

Targets

- Target
  
  DB4QML3M1.pdf.exe
- Size
  
  963KB
- MD5
  
  73b610b98380f3cff26973f8fde96342
- SHA1
  
  21b0250e75ef24cf17660339465ef7cd2d61b092
- SHA256
  
  8eaf8d31a4967e1ca5ff4c53aec64eea3e37a5653a7d65519fa63d88fffd8f88
- SHA512
  
  488e48d43bdf53f78ac576e3252bf2bcc91adc24ce0d2510ecf250a8dde0f35c71617b101edc53232b17fa70bf08b92f84501aaccf537e2c1ddb3f0aaedea362
- SSDEEP
  
  12288:EuUNFThRuf3o53Gsp2hXZlh8+s3Dv4alfZqby13caYgd2DToTm:5ULhYf3o5DpYlh8h3T4gcaYgd
Score

10^/10

xworm rat trojan
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- Drops startup file
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2