blackguard

General

Target

XWormLoader.exe
Size

8.2MB
Sample

240129-q7q73abcc6
MD5

b545d6f6bb0ea7b613185e9b6108c54c
SHA1

7228529c2b7527004b34de6406ac1c744f35f434
SHA256

a25f014c881f4e00db371fd0da081542d14d72311c86b7ad908933a9ba3269a0
SHA512

0807e5e73573da08eb562fd73022c7c44d88c3ecf888086ab52257f491c717deb058fae0b0185de5db49de6158783d25c37db2186a61f18059e4070a4abe667c
SSDEEP

196608:C58t3afccVSE+mfkSV6qfwI7fRxzpkhuUgF5ioK:CWt3afccqmfLh7pfdF5iR

Score

10^/10

Malware Config

Extracted

Family

xworm

Version

5.0

C2

5.39.43.50:5060

Mutex

26CtPZOKzqwVA6P2

Attributes

install_file
USB.exe

aes.plain

Extracted

Family

blackguard

C2

https://api.telegram.org/bot6890098459:AAHjv04XcY7xWyP2Vkp5g2wyR9vE4yvtyHs/sendMessage?chat_id=937347419

Targets

- Target
  
  XWormLoader.exe
- Size
  
  8.2MB
- MD5
  
  b545d6f6bb0ea7b613185e9b6108c54c
- SHA1
  
  7228529c2b7527004b34de6406ac1c744f35f434
- SHA256
  
  a25f014c881f4e00db371fd0da081542d14d72311c86b7ad908933a9ba3269a0
- SHA512
  
  0807e5e73573da08eb562fd73022c7c44d88c3ecf888086ab52257f491c717deb058fae0b0185de5db49de6158783d25c37db2186a61f18059e4070a4abe667c
- SSDEEP
  
  196608:C58t3afccVSE+mfkSV6qfwI7fRxzpkhuUgF5ioK:CWt3afccqmfLh7pfdF5iR
Score

10^/10

blackguard xworm rat stealer trojan
- BlackGuard
  Infostealer first seen in Late 2021.
  stealer blackguard
- Detect Xworm Payload
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Detect Xworm Payload

Xworm

Looks up external IP address via web service

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2