xworm | 32ba94d58bb386a630c0f7ff76b730caa6e18dc023262bc160a4bc695d4d6ac2 | Triage

Submit
Reports

Overview

overview

Static

static

msmng2.exe

windows7-x64

msmng2.exe

windows10-2004-x64

Sharing

General

Target

msmng2.exe
Size

2.1MB
Sample

231207-qbdxvsbb22
MD5

3b5757f632446842aac3ecd3f1c28366
SHA1

4e00b5c8670c8a184632bdd48eedb3f90fdd4f19
SHA256

32ba94d58bb386a630c0f7ff76b730caa6e18dc023262bc160a4bc695d4d6ac2
SHA512

bee2b4ea1025ba5fd47ace7b3d9d72527ec6511aeb113f1d709c3df0debcb09405e20c5d746719d2bd91b7f304469c2c7dc9f8b746bec953947bbb9583601c6d
SSDEEP

49152:UqwmCCmvuorNkZQfE8UoGH3pRKl9+VvHu7fAws5Q:b8u8kainHPxVvHW3s5Q

Score

10^/10

xworm zgrat rat trojan

Static task

static1

5 signatures

Behavioral task

behavioral1

Sample

msmng2.exe

Resource

win7-20231130-en

xworm zgrat rat trojan

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

msmng2.exe

Resource

win10v2004-20231130-en

xworm zgrat rat trojan

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Extracted

Family

xworm

Version

5.0

C2

5.182.87.154:7000

aes.plain

Targets

- Target
  
  msmng2.exe
- Size
  
  2.1MB
- MD5
  
  3b5757f632446842aac3ecd3f1c28366
- SHA1
  
  4e00b5c8670c8a184632bdd48eedb3f90fdd4f19
- SHA256
  
  32ba94d58bb386a630c0f7ff76b730caa6e18dc023262bc160a4bc695d4d6ac2
- SHA512
  
  bee2b4ea1025ba5fd47ace7b3d9d72527ec6511aeb113f1d709c3df0debcb09405e20c5d746719d2bd91b7f304469c2c7dc9f8b746bec953947bbb9583601c6d
- SSDEEP
  
  49152:UqwmCCmvuorNkZQfE8UoGH3pRKl9+VvHu7fAws5Q:b8u8kainHPxVvHW3s5Q
Score

10^/10

xworm zgrat rat trojan
- Detect Xworm Payload
- Detect ZGRat V1
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- Drops startup file
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

xwormzgratrattrojan

behavioral2

xwormzgratrattrojan

© 2018-2024

Terms | Privacy