xworm | e1e32a7e5096ea1ad664b321e1bd1603761e28e3b63025fa02078361545894fd | Triage

Submit
Reports

Overview

overview

Static

static

1

INVOICE-02...35.bat

windows10-2004-x64

Resubmissions

09-04-2024 17:39

240409-v8jxlahb3v 10

25-03-2024 14:18

240325-rmr5asae55 10

20-03-2024 19:31

240320-x8t4nsgg65 10

20-03-2024 18:56

240320-xlp67sga73 10

18-03-2024 12:37

240318-pt1c5she4x 10

Sharing

General

Target

INVOICE-02417869_77319135.bat
Size

304KB
Sample

240325-rmr5asae55
MD5

6d6b6c679309bd938dbcaada6f7820dd
SHA1

ccb02a27885c656c2c52dc94272b91d46c46ac7c
SHA256

e1e32a7e5096ea1ad664b321e1bd1603761e28e3b63025fa02078361545894fd
SHA512

7c2317cf54a96bde7d0cb3d1ed9afdc91e1d35835bcdcab24b56d8bd3c8c3a8320c97c90267a2171d72919c9b6a89e845582f66e76e3354c23f79f5560645032
SSDEEP

1536:eN2lxmAHlCvI8H41j/KnDTBpRcuNoCSsXDht/lFqz5FWJYDzqGHRBWZbgbLxihFZ:eN2lZhSIj/crDhFrq9FFDnl3AIdWOC

Score

10^/10

xworm rat trojan

Static task

static1

Behavioral task

behavioral1

Sample

INVOICE-02417869_77319135.bat

Resource

win10v2004-20240226-en

xworm rat trojan

windows10-2004-x64

18 signatures

1800 seconds

Malware Config

Extracted

Family

xworm

Version

5.0

C2

38.146.219.228:7000

Mutex

4l7KI6LtRV2tYmxG

Attributes

install_file
USB.exe

aes.plain

Targets

- Target
  
  INVOICE-02417869_77319135.bat
- Size
  
  304KB
- MD5
  
  6d6b6c679309bd938dbcaada6f7820dd
- SHA1
  
  ccb02a27885c656c2c52dc94272b91d46c46ac7c
- SHA256
  
  e1e32a7e5096ea1ad664b321e1bd1603761e28e3b63025fa02078361545894fd
- SHA512
  
  7c2317cf54a96bde7d0cb3d1ed9afdc91e1d35835bcdcab24b56d8bd3c8c3a8320c97c90267a2171d72919c9b6a89e845582f66e76e3354c23f79f5560645032
- SSDEEP
  
  1536:eN2lxmAHlCvI8H41j/KnDTBpRcuNoCSsXDht/lFqz5FWJYDzqGHRBWZbgbLxihFZ:eN2lZhSIj/crDhFrq9FFDnl3AIdWOC
Score

10^/10

xworm rat trojan
- Detect Xworm Payload
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Drops file in System32 directory
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

© 2018-2024

Terms | Privacy