xworm | 0a08222072d332e6154e0715f5f121dce5acd4537a453803d7e4f3780e20a47b | Triage

Sharing

General

Target

Loaderexeexeexeexe.exe
Size

44KB
Sample

230709-njtl6sde9v
MD5

56a306deb7a5d6cb9d55a07dfdf5a6a5
SHA1

7690ea2d5ec1662263f0518e5de3d52aabd683ce
SHA256

0a08222072d332e6154e0715f5f121dce5acd4537a453803d7e4f3780e20a47b
SHA512

f4fd54505100d4cce35d17c9bb17bd8b7c660457b2385022a93e1e87c79e7873fd6b32a472cf50ec6ee8b07ee78d3bdf865543918b2342d0c488a6133e7b1488
SSDEEP

768:EjNVEJP+cGeI1dERNOWDRuuqMVj6h91GZB5YRmaAruAuxn:EjIJP+cGeIqRuuPM+ZB5qmB

Score

10^/10

xworm rat trojan

Malware Config

Extracted

Family

xworm

C2

okaa0-51499.portmap.host:51499

Mutex

2w3YRp5dsVzOtH2l

Attributes

install_file
explorer.exe

aes.plain

Targets

- Target
  
  Loaderexeexeexeexe.exe
- Size
  
  44KB
- MD5
  
  56a306deb7a5d6cb9d55a07dfdf5a6a5
- SHA1
  
  7690ea2d5ec1662263f0518e5de3d52aabd683ce
- SHA256
  
  0a08222072d332e6154e0715f5f121dce5acd4537a453803d7e4f3780e20a47b
- SHA512
  
  f4fd54505100d4cce35d17c9bb17bd8b7c660457b2385022a93e1e87c79e7873fd6b32a472cf50ec6ee8b07ee78d3bdf865543918b2342d0c488a6133e7b1488
- SSDEEP
  
  768:EjNVEJP+cGeI1dERNOWDRuuqMVj6h91GZB5YRmaAruAuxn:EjIJP+cGeIqRuuPM+ZB5qmB
Score

10^/10

xworm rat trojan
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2