xworm

Resubmissions

30-12-2024 20:44

241230-zjcjfazrhy 8

26-11-2024 18:42

26-11-2024 18:41

11-04-2024 09:32

11-04-2024 09:21

Sharing

Copy URL

Twitter E-mail

General

Target

https://www.upload.ee/download/15657107/813ac1d2bfa81d7f177e/XWorm-V5.0.rar
Sample

240411-lbmgsage63

Score

10^/10

Malware Config

Extracted

Family

xworm

127.0.0.1:7000

Mutex

cYnFSQs0oL87TAxW

Attributes

install_file
USB.exe

aes.plain

Targets

- Target
  
  https://www.upload.ee/download/15657107/813ac1d2bfa81d7f177e/XWorm-V5.0.rar
Score

10^/10

xworm ransomware rat trojan
- Detect Xworm Payload
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- Blocklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Legitimate hosting services abused for malware hosting/C2
- Sets desktop wallpaper using registry
  ransomware
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scripting

T1064

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Scripting

T1064

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Defacement

T1491

Tasks

Resubmissions

Sharing

General

Malware Config

Extracted

Targets

Detect Xworm Payload

Blocklisted process makes network request

Executes dropped EXE

Loads dropped DLL

Uses the VBS compiler for execution

Legitimate hosting services abused for malware hosting/C2

Sets desktop wallpaper using registry

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

urlscan1

behavioral1