xworm | cc265857b53d77402527e32d282a790dd99d3a50b9c2370377e4a02f092a925c | Triage

Sharing

General

Target

builder #6.exe
Size

3.1MB
Sample

230508-rkeq7acg7y
MD5

0038f95ef3cf7d092c0ff894516fe2b9
SHA1

d47f7818b0ac16f5dbc5f267742b9650c3a1f01a
SHA256

cc265857b53d77402527e32d282a790dd99d3a50b9c2370377e4a02f092a925c
SHA512

47d0becf4dff9fcefd57abe775fda69db7cb0fd03aa3163022d265213bd66849e25cb4bd4321766068763611506afc6d878bf6a632d0ad372223140af2703db0
SSDEEP

98304:IX8/pOayBqZTzxUxaXMS8mJjQpGY0e8m1dnr4eyVntk:IX81iwH5XMHmJYdryQ

Score

10^/10

xworm rat trojan

Malware Config

Extracted

Family

xworm

C2

classic-lovers.at.ply.gg:11647

Attributes

install_file
winlogon.exe

Targets

- Target
  
  builder #6.exe
- Size
  
  3.1MB
- MD5
  
  0038f95ef3cf7d092c0ff894516fe2b9
- SHA1
  
  d47f7818b0ac16f5dbc5f267742b9650c3a1f01a
- SHA256
  
  cc265857b53d77402527e32d282a790dd99d3a50b9c2370377e4a02f092a925c
- SHA512
  
  47d0becf4dff9fcefd57abe775fda69db7cb0fd03aa3163022d265213bd66849e25cb4bd4321766068763611506afc6d878bf6a632d0ad372223140af2703db0
- SSDEEP
  
  98304:IX8/pOayBqZTzxUxaXMS8mJjQpGY0e8m1dnr4eyVntk:IX81iwH5XMHmJYdryQ
Score

10^/10

xworm rat trojan
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1