xworm | 737b8ba2b7237d3fb796877f49748682d4a8be63ef5bef59e601ec1020ed4f86 | Triage

Submit
Reports

Overview

overview

Static

static

1

Setup.exe

windows10-2004-x64

Resubmissions

09/05/2023, 20:15

230509-y113paea33 10

09/05/2023, 19:51

230509-yk45eadh55 10

Sharing

General

Target

Setup.exe
Size

43.2MB
Sample

230509-y113paea33
MD5

d1a21bfd883572a963ca35d2ff9f90bf
SHA1

b683334b9a6d973c5f0ae6b2a0d0fa17ebb3de87
SHA256

737b8ba2b7237d3fb796877f49748682d4a8be63ef5bef59e601ec1020ed4f86
SHA512

80ecc330a8e3d09b397d9ea756501dff240949151590a109fb83f901276f2149826f5a5395334205b1f66381262d505713dae1b03e0c48dfee1c59964499e276
SSDEEP

786432:5pVjBMGuH5hYAdfr5Vbsz6zpwA22YpSnMVMzBxpT0U2OTNLxJ95iv97:5pVjBM/7ld9V5pwT3pSnM2VxJGOTR47

Score

10^/10

xworm bootkit discovery persistence rat trojan

Static task

static1

Behavioral task

behavioral1

Sample

Setup.exe

Resource

win10v2004-20230220-en

xworm bootkit discovery persistence rat trojan

windows10-2004-x64

24 signatures

600 seconds

Malware Config

Targets

- Target
  
  Setup.exe
- Size
  
  43.2MB
- MD5
  
  d1a21bfd883572a963ca35d2ff9f90bf
- SHA1
  
  b683334b9a6d973c5f0ae6b2a0d0fa17ebb3de87
- SHA256
  
  737b8ba2b7237d3fb796877f49748682d4a8be63ef5bef59e601ec1020ed4f86
- SHA512
  
  80ecc330a8e3d09b397d9ea756501dff240949151590a109fb83f901276f2149826f5a5395334205b1f66381262d505713dae1b03e0c48dfee1c59964499e276
- SSDEEP
  
  786432:5pVjBMGuH5hYAdfr5Vbsz6zpwA22YpSnMVMzBxpT0U2OTNLxJ95iv97:5pVjBM/7ld9V5pwT3pSnM2VxJGOTR47
Score

10^/10

xworm bootkit discovery persistence rat trojan
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- Drops file in System32 directory
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Bootkit

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xwormbootkitdiscoverypersistencerattrojan

© 2018-2025

Terms | Privacy