xworm | 6e10b7e5efbbd3c7310dce5d5ff531d223589a8684e281cd0e0e7299abdb360e | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2024-02-29_c982cc6744a26fdced10652f43a45260_ryuk
Size

5.2MB
Sample

240229-lyxahadh28
MD5

c982cc6744a26fdced10652f43a45260
SHA1

3a598a09f708ef6664309006cc4809f89f1f0472
SHA256

6e10b7e5efbbd3c7310dce5d5ff531d223589a8684e281cd0e0e7299abdb360e
SHA512

8b0b5b1e40e1ec6193e675bae3fd3f2b423634554aad8a553d39e9970d29fa00e237141cf33f9246286315a50ed25898b67fc044b3e73a869d30c3cf7b29aa8e
SSDEEP

49152:ba8T2mh3mhW9MGhqh0ekXJ0fZxegTo2PhWhG1U98MjfgTc0udYIuCf4k+EMHzJi:emh3mhW9LAgXK2UoacF9/s3uDfn+EO0

Score

10^/10

xworm rat trojan

Malware Config

Extracted

Family

xworm

Version

5.0

C2

yuncraft.kozow.com:7000

Mutex

cflKKtZhlFomE3sa

Attributes

install_file
USB.exe

aes.plain

Targets

- Target
  
  2024-02-29_c982cc6744a26fdced10652f43a45260_ryuk
- Size
  
  5.2MB
- MD5
  
  c982cc6744a26fdced10652f43a45260
- SHA1
  
  3a598a09f708ef6664309006cc4809f89f1f0472
- SHA256
  
  6e10b7e5efbbd3c7310dce5d5ff531d223589a8684e281cd0e0e7299abdb360e
- SHA512
  
  8b0b5b1e40e1ec6193e675bae3fd3f2b423634554aad8a553d39e9970d29fa00e237141cf33f9246286315a50ed25898b67fc044b3e73a869d30c3cf7b29aa8e
- SSDEEP
  
  49152:ba8T2mh3mhW9MGhqh0ekXJ0fZxegTo2PhWhG1U98MjfgTc0udYIuCf4k+EMHzJi:emh3mhW9LAgXK2UoacF9/s3uDfn+EO0
Score

10^/10

xworm rat trojan
- Detect Xworm Payload
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- Detects Windows executables referencing non-Windows User-Agents
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2