xworm | 8f26c490abbe3b76d42635347d83ffa6387888021d4909fcfd63e3dcc25540d2 | Triage

Submit
Reports

Overview

overview

Static

static

3

Output.exe

windows7-x64

Output.exe

windows10-2004-x64

Sharing

General

Target

Output.exe
Size

98KB
Sample

240420-sw5x7abf44
MD5

d7557a4322101418a54b3ba0d973bdb1
SHA1

57ae796673ce3d7d32dc4490f5e331c643aa8228
SHA256

8f26c490abbe3b76d42635347d83ffa6387888021d4909fcfd63e3dcc25540d2
SHA512

d2118512333b3e72eb1fad020082468b6d67689e104fcb4a0bb455c4870b429eff119987ca87d697398572e022a38949f5d3b75c3fd4c6106057d84ff786d773
SSDEEP

1536:ijXg7n3OaMrKTV82jTj5I6Ws5SZYSx8fWL5uWQaIK0naap+/l8NXftTOqg:ijw7n+NKTZFPkZvT5uCIak+/l8lfE

Score

10^/10

xworm rat trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

Output.exe

Resource

win7-20240220-en

xworm rat trojan

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

Output.exe

Resource

win10v2004-20240412-en

xworm rat trojan

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Extracted

Family

xworm

C2

million-houston.gl.at.ply.gg:27705

Attributes

Install_directory
%AppData%
install_file
BloxstrapModded.exe

Targets

- Target
  
  Output.exe
- Size
  
  98KB
- MD5
  
  d7557a4322101418a54b3ba0d973bdb1
- SHA1
  
  57ae796673ce3d7d32dc4490f5e331c643aa8228
- SHA256
  
  8f26c490abbe3b76d42635347d83ffa6387888021d4909fcfd63e3dcc25540d2
- SHA512
  
  d2118512333b3e72eb1fad020082468b6d67689e104fcb4a0bb455c4870b429eff119987ca87d697398572e022a38949f5d3b75c3fd4c6106057d84ff786d773
- SSDEEP
  
  1536:ijXg7n3OaMrKTV82jTj5I6Ws5SZYSx8fWL5uWQaIK0naap+/l8NXftTOqg:ijw7n+NKTZFPkZvT5uCIak+/l8lfE
Score

10^/10

xworm rat trojan
- Detect Xworm Payload
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

© 2018-2024

Terms | Privacy