xworm | 693bbd8e6b779770cf39730d0d8ecaf4ba18f2669f65b77bf1dcb1f658b853b6 | Triage

Resubmissions

16/05/2023, 08:02

230516-jw5srabh55 10

16/05/2023, 07:55

230516-jshttaad4s 10

Sharing

Copy URL Twitter E-mail

General

Target

693bbd8e6b779770cf39730d0d8ecaf4ba18f2669f65b77bf1dcb1f658b853b6
Size

35KB
Sample

230516-jshttaad4s
MD5

2cb6d3f3cbe226c62608f0ed56087a0d
SHA1

2bde7e70f1043d83988c90b0dae045c3326e4a41
SHA256

693bbd8e6b779770cf39730d0d8ecaf4ba18f2669f65b77bf1dcb1f658b853b6
SHA512

cd574c096f1b05046e83aa65e85120b4b390fdf90e7aeb11c3e3de0406bf77afbbf2140bc47f6a1e41ffda1b424e76632971126734dc67a27ac59e0747c79917
SSDEEP

384:jNg8ssvG79ki23FNxPLenxM9+OTTwNfbXmXzvsVgtFMA4P6NLTBZw/RZIvK9IkEX:emW98enxM9twMNFWP39gazOMh99QoU

Score

10^/10

xworm rat trojan

Malware Config

Extracted

Family

xworm

C2

tienichxanh.vinaddns.com:7000

Mutex

Ajv3D1sSpOst7unB

Attributes

install_file
USB.exe

aes.plain

Targets

- Target
  
  693bbd8e6b779770cf39730d0d8ecaf4ba18f2669f65b77bf1dcb1f658b853b6
- Size
  
  35KB
- MD5
  
  2cb6d3f3cbe226c62608f0ed56087a0d
- SHA1
  
  2bde7e70f1043d83988c90b0dae045c3326e4a41
- SHA256
  
  693bbd8e6b779770cf39730d0d8ecaf4ba18f2669f65b77bf1dcb1f658b853b6
- SHA512
  
  cd574c096f1b05046e83aa65e85120b4b390fdf90e7aeb11c3e3de0406bf77afbbf2140bc47f6a1e41ffda1b424e76632971126734dc67a27ac59e0747c79917
- SSDEEP
  
  384:jNg8ssvG79ki23FNxPLenxM9+OTTwNfbXmXzvsVgtFMA4P6NLTBZw/RZIvK9IkEX:emW98enxM9twMNFWP39gazOMh99QoU
Score

10^/10

xworm rat trojan
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- Drops startup file
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2