xworm | 96abd6a3639256ee1af74f2a6d7cacde5a0820e5003f37995df5459d6c11cd7c | Triage

Sharing

Copy URL Twitter E-mail

General

Target

5a727248fe722916946596cd5dbad79c52753b9eb964e90593ff5f75940a481a.zip
Size

467KB
Sample

230824-kq1ghsbc76
MD5

c85849aeaf9774af6fc6a5877b52a3bf
SHA1

80bd281f61f7078100de1b60a018b239b1d8764f
SHA256

96abd6a3639256ee1af74f2a6d7cacde5a0820e5003f37995df5459d6c11cd7c
SHA512

f4095f0c5d43d8bb10c9c28af96e65f5e5940569d52ca512efa3abaefd1db20cf03f1978f3e4e5d69b6660c7db2240be453c7e737c8ff1883890a7fc3df100f4
SSDEEP

12288:/JGBsjzVBtn6DhBSju6MLh/gk+Jwr0Zr7grMPitOA:/JGBsvt6tBYV6hYwrg/gr5d

Score

10^/10

xworm rat trojan

Malware Config

Extracted

Family

xworm

C2

45.61.130.7:1010

Mutex

mUER53c9ZOF0vhKA

Attributes

install_file
USB.exe

aes.plain

Targets

- Target
  
  mail.com
- Size
  
  1024.0MB
- MD5
  
  2dd8abb9bb66813be5817c172421885b
- SHA1
  
  0598d68ec5316319220a030b52d66e135901b2de
- SHA256
  
  d11224745abfbc0a4a1c840a7fa8e1f225c3339b798d85534b0ed8fcd4ed5dd4
- SHA512
  
  e7fdf43a2b98ca4b619ce976c1199bb647f28d5dd1c67fb03deb2771059aaaf0f39a592a6afe5fc178c52207dd3d33f4b49416c7b7cddf55b04e36d2aa9f591b
- SSDEEP
  
  12288:BDqqkM/kX0OXF3WcUxumTIEzaI7vwal9kbFU5VDPugNiDArxIF:BuBsu061WnuuzaITq8DPugNnc
Score

10^/10

xworm rat trojan
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2