xworm | 4b14895a45058c34fb029d0b867412bba2ba76aceb444f28b3b312b98a5a73df

Resubmissions

14/03/2024, 10:26

240314-mgrjcsbh52 10

14/03/2024, 10:25

240314-mfxc8ahe7z 10

Analysis

max time kernel
15s
platform
windows11-21h2_x64
resource
win11-20240221-en
resource tags

arch:x64arch:x86image:win11-20240221-enlocale:en-usos:windows11-21h2-x64system
submitted
14/03/2024, 10:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Rino's Discord Account ToolKit/Rinos_Discord_Account_ToolKit.exe
Size

4.3MB
MD5

a7553cc8ad2b91025f5bfb532090d2b6
SHA1

5326aeb29d57118faaad3af9946584b87ad7f0d0
SHA256

6aeee8b13c11c4157a2a92a38270c30af85fb060e5ccf3ef54994d2c3a1cf5b4
SHA512

1a62dec71262fcf6561cf6ea615f9cb0a4d9d495e8759ab62b5980f6ad4211effce2e3f0726e69afb55441999e264ea25512db0e6d584d4c7e3c949429c9b81c
SSDEEP

98304:XIPanxb7sGW9NcEJn5kKxGOd82SqTxaA/XjOqC1kIq9o8ha:Ys7sGqNcLGGOJSeV7L9o

Score

10^/10

xworm rat trojan

Malware Config

Extracted

Family

xworm

Version

3.1

Attributes

install_file
game.exe

Signatures

Detect Xworm Payload 3 IoCs

resource	yara_rule
behavioral20/files/0x000500000002a739-15.dat	family_xworm
behavioral20/memory/1600-16-0x000001BC75700000-0x000001BC75750000-memory.dmp	family_xworm
behavioral20/memory/1600-39-0x000001BC75BA0000-0x000001BC75BB4000-memory.dmp	family_xworm

Xworm
Xworm is a remote access trojan written in C#.
trojan rat xworm

Drops startup file 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IntelCpHDCPSvc.exe	Rinos_Discord_Account_ToolKit.exe

C:\Users\Admin\AppData\Local\Temp\Rino's Discord Account ToolKit\Rinos_Discord_Account_ToolKit.exe
"C:\Users\Admin\AppData\Local\Temp\Rino's Discord Account ToolKit\Rinos_Discord_Account_ToolKit.exe"
1⤵
- Drops startup file
PID:4800
- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IntelCpHDCPSvc.exe
  "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IntelCpHDCPSvc.exe"
  2⤵
  PID:1600
- C:\TOOLS\Rino's Discord Account ToolKit.exe
  "C:\TOOLS\Rino's Discord Account ToolKit.exe"
  2⤵
  PID:2332

C:\Windows\System32\dllhost.exe
C:\Windows\System32\dllhost.exe /Processid:{c1f0552d-73bf-412b-8000-7eeb72b3e187}
1⤵
PID:4272

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\TOOLS\Rino's Discord Account ToolKit.exe

Filesize
1.4MB

MD5
0dc4542655461cfaf10004416d57215a

SHA1
10ba589127f33b5f3f4003ec4ffc6349854e63d9

SHA256
af9fb1ca1fb2492841ec99c279f2c95dcabf8c664ba74cf55dc88ef724039e0b

SHA512
34f7085a652757b3b089510e19d97793e533441ec1712d4b7debfafedd390aecfdfc0c38d165fd22e752f253ef23cbb48847875145b7a64093cf3e46a2062e78

Download Submit
C:\TOOLS\Rino's Discord Account ToolKit.exe

Filesize
1024KB

MD5
c83ebb6b6c1bb95db54421bd85ed5595

SHA1
44e8613b9fcf7aea8a422e32fd1d58658ddec865

SHA256
480c22be3aaa01ec6e10ced27c5d9a09149b84072f0ae6ed27598f78d8eacf92

SHA512
f3bc2af35ec3b2be820e60a417d65877c21d53940162c575cbbc0c3e1c9e2b76b12de2f26502b6b56f933e17d2048401278992455bce8237bc22b50225197867

Download Submit
C:\TOOLS\Rino's Discord Account ToolKit.exe

Filesize
896KB

MD5
57888cde87d42d0e4d9ad3e2b0c68e38

SHA1
20131f07394fcc72a28e182272d2568f64604adc

SHA256
f6fc6556851a2fcf6aa7356d02521d619cee22ce6c59f6d2e1b98f46b666932d

SHA512
a29b8b458aad25646619c75ee06f3cae959359dc27f797f634d4d6d1152f057ff156954bd1d9b89b44b1a420e054328921f269b0eb941a51cdf241c55c6f0d5c

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IntelCpHDCPSvc.exe

Filesize
301KB

MD5
34613dee8aeb37cf39ea63ce5fdb47ea

SHA1
c0c5816551614719bb79b7fc5f0092f3c6e50f6f

SHA256
9a14d4f1fc797330557379e7fdec808cd3ef0ba5d372c02f8ce37a86b8bed214

SHA512
0d11526487843c62fe0edf3fbba413ac6c035e8b3ce8d47f878daf9ab39e45aae4d7108e4a1652da144b8af6c38c20df354fd34850df51943748f6c21e7f36e2

Download Submit
memory/468-76-0x0000022C81BA0000-0x0000022C81BCA000-memory.dmp

Filesize
168KB

Download
memory/468-69-0x0000022C81BA0000-0x0000022C81BCA000-memory.dmp

Filesize
168KB

Download
memory/468-71-0x00007FFC777F0000-0x00007FFC77800000-memory.dmp

Filesize
64KB

Download
memory/484-70-0x0000020782F00000-0x0000020782F2A000-memory.dmp

Filesize
168KB

Download
memory/484-62-0x0000020782F00000-0x0000020782F2A000-memory.dmp

Filesize
168KB

Download
memory/484-66-0x00007FFC777F0000-0x00007FFC77800000-memory.dmp

Filesize
64KB

Download
memory/484-74-0x00007FFCB7803000-0x00007FFCB7804000-memory.dmp

Filesize
4KB

Download
memory/484-75-0x00007FFCB7806000-0x00007FFCB7807000-memory.dmp

Filesize
4KB

Download
memory/484-72-0x00007FFCB7804000-0x00007FFCB7805000-memory.dmp

Filesize
4KB

Download
memory/640-56-0x00007FFCB7804000-0x00007FFCB7805000-memory.dmp

Filesize
4KB

Download
memory/640-53-0x000001A648080000-0x000001A6480AA000-memory.dmp

Filesize
168KB

Download
memory/640-77-0x00007FFCB7803000-0x00007FFCB7804000-memory.dmp

Filesize
4KB

Download
memory/640-59-0x00007FFCB7806000-0x00007FFCB7807000-memory.dmp

Filesize
4KB

Download
memory/640-50-0x000001A648050000-0x000001A648073000-memory.dmp

Filesize
140KB

Download
memory/692-57-0x00007FFC777F0000-0x00007FFC77800000-memory.dmp

Filesize
64KB

Download
memory/692-64-0x0000013BEF930000-0x0000013BEF95A000-memory.dmp

Filesize
168KB

Download
memory/692-54-0x0000013BEF930000-0x0000013BEF95A000-memory.dmp

Filesize
168KB

Download
memory/1000-65-0x00007FFC777F0000-0x00007FFC77800000-memory.dmp

Filesize
64KB

Download
memory/1000-67-0x000001EE03260000-0x000001EE0328A000-memory.dmp

Filesize
168KB

Download
memory/1000-61-0x000001EE03260000-0x000001EE0328A000-memory.dmp

Filesize
168KB

Download
memory/1028-80-0x000001F1AC390000-0x000001F1AC3BA000-memory.dmp

Filesize
168KB

Download
memory/1028-82-0x00007FFC777F0000-0x00007FFC77800000-memory.dmp

Filesize
64KB

Download
memory/1100-83-0x00000163BBF70000-0x00000163BBF9A000-memory.dmp

Filesize
168KB

Download
memory/1100-90-0x00000163BBF70000-0x00000163BBF9A000-memory.dmp

Filesize
168KB

Download
memory/1100-85-0x00007FFC777F0000-0x00007FFC77800000-memory.dmp

Filesize
64KB

Download
memory/1108-87-0x00000297FB4C0000-0x00000297FB4EA000-memory.dmp

Filesize
168KB

Download
memory/1108-89-0x00007FFC777F0000-0x00007FFC77800000-memory.dmp

Filesize
64KB

Download
memory/1108-92-0x00000297FB4C0000-0x00000297FB4EA000-memory.dmp

Filesize
168KB

Download
memory/1176-103-0x00007FFC777F0000-0x00007FFC77800000-memory.dmp

Filesize
64KB

Download
memory/1176-99-0x000001C55F380000-0x000001C55F3AA000-memory.dmp

Filesize
168KB

Download
memory/1176-108-0x000001C55F380000-0x000001C55F3AA000-memory.dmp

Filesize
168KB

Download
memory/1220-98-0x000001BCB5C60000-0x000001BCB5C8A000-memory.dmp

Filesize
168KB

Download
memory/1220-100-0x00007FFC777F0000-0x00007FFC77800000-memory.dmp

Filesize
64KB

Download
memory/1268-102-0x000001D3F7D60000-0x000001D3F7D8A000-memory.dmp

Filesize
168KB

Download
memory/1268-110-0x000001D3F7D60000-0x000001D3F7D8A000-memory.dmp

Filesize
168KB

Download
memory/1268-105-0x00007FFC777F0000-0x00007FFC77800000-memory.dmp

Filesize
64KB

Download
memory/1600-39-0x000001BC75BA0000-0x000001BC75BB4000-memory.dmp

Filesize
80KB

Download
memory/1600-96-0x00007FFCB6790000-0x00007FFCB684D000-memory.dmp

Filesize
756KB

Download
memory/1600-26-0x00007FFCB7760000-0x00007FFCB7969000-memory.dmp

Filesize
2.0MB

Download
memory/1600-27-0x00007FFC96730000-0x00007FFC971F2000-memory.dmp

Filesize
10.8MB

Download
memory/1600-33-0x00007FFCB7760000-0x00007FFCB7969000-memory.dmp

Filesize
2.0MB

Download
memory/1600-16-0x000001BC75700000-0x000001BC75750000-memory.dmp

Filesize
320KB

Download
memory/1600-101-0x00007FFCB7760000-0x00007FFCB7969000-memory.dmp

Filesize
2.0MB

Download
memory/1600-30-0x00007FFCB6790000-0x00007FFCB684D000-memory.dmp

Filesize
756KB

Download
memory/1600-25-0x000001BC75B60000-0x000001BC75B9E000-memory.dmp

Filesize
248KB

Download
memory/1600-36-0x000001BC77F40000-0x000001BC77F50000-memory.dmp

Filesize
64KB

Download
memory/1600-88-0x00007FFC96730000-0x00007FFC971F2000-memory.dmp

Filesize
10.8MB

Download
memory/2332-106-0x00007FFC96730000-0x00007FFC971F2000-memory.dmp

Filesize
10.8MB

Download
memory/2332-42-0x00007FFC96730000-0x00007FFC971F2000-memory.dmp

Filesize
10.8MB

Download
memory/2332-48-0x000001EDAEDF0000-0x000001EDAF2A4000-memory.dmp

Filesize
4.7MB

Download
memory/2332-40-0x000001ED94120000-0x000001ED94524000-memory.dmp

Filesize
4.0MB

Download
memory/4272-38-0x0000000140000000-0x0000000140040000-memory.dmp

Filesize
256KB

Download
memory/4272-43-0x00007FFCB7760000-0x00007FFCB7969000-memory.dmp

Filesize
2.0MB

Download
memory/4272-44-0x0000000140000000-0x0000000140040000-memory.dmp

Filesize
256KB

Download
memory/4272-35-0x0000000140000000-0x0000000140040000-memory.dmp

Filesize
256KB

Download
memory/4272-41-0x0000000140000000-0x0000000140040000-memory.dmp

Filesize
256KB

Download
memory/4272-112-0x00007FFCB7760000-0x00007FFCB7969000-memory.dmp

Filesize
2.0MB

Download
memory/4272-46-0x00007FFCB6790000-0x00007FFCB684D000-memory.dmp

Filesize
756KB

Download
memory/4272-47-0x0000000140000000-0x0000000140040000-memory.dmp

Filesize
256KB

Download
memory/4800-37-0x00007FFC96730000-0x00007FFC971F2000-memory.dmp

Filesize
10.8MB

Download
memory/4800-0-0x0000000000160000-0x00000000005B0000-memory.dmp

Filesize
4.3MB

Download
memory/4800-1-0x00007FFC96730000-0x00007FFC971F2000-memory.dmp

Filesize
10.8MB

Download
memory/4800-3-0x000000001B480000-0x000000001B490000-memory.dmp

Filesize
64KB

Download

Resubmissions

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads