xworm | 83ec4abcf9023717ce995a601a244c7c063249f5aff300d33167c93698c77cf1 | Triage

Submit
Reports

Overview

overview

Static

static

дая.exe

windows7-x64

дая.exe

windows10-2004-x64

Sharing

General

Target

дая.exe
Size

48KB
Sample

240427-lwchbagg3t
MD5

3676b623e5da4a1676d00450577c7c93
SHA1

38110837810f9decec9009af26f4e3239f6b4325
SHA256

83ec4abcf9023717ce995a601a244c7c063249f5aff300d33167c93698c77cf1
SHA512

3aec75b8a749d3edc9c708f37ac2049b72e7b1e10252a1466afd5f2bec6e94a43972c0d897858b25233fce0a3893986a68d14707c3ecb6708bfda8dd006fe3d1
SSDEEP

768:5jnKV+3greh5nVK6QgAhOWfapF/9juGx67OMh/LBSds4S1EAd8IIph:5j1greXF1AhLeF/96667OMFkdS1EAd8f

Score

10^/10

xworm rat trojan

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

дая.exe

Resource

win7-20240220-en

xworm rat trojan

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

дая.exe

Resource

win10v2004-20240426-en

xworm rat trojan

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Extracted

Family

xworm

Version

5.0

C2

court-floral.gl.at.ply.gg:37873

Mutex

3oKTJOAH16fBXKAk

Attributes

install_file
USB.exe

aes.plain

Targets

- Target
  
  дая.exe
- Size
  
  48KB
- MD5
  
  3676b623e5da4a1676d00450577c7c93
- SHA1
  
  38110837810f9decec9009af26f4e3239f6b4325
- SHA256
  
  83ec4abcf9023717ce995a601a244c7c063249f5aff300d33167c93698c77cf1
- SHA512
  
  3aec75b8a749d3edc9c708f37ac2049b72e7b1e10252a1466afd5f2bec6e94a43972c0d897858b25233fce0a3893986a68d14707c3ecb6708bfda8dd006fe3d1
- SSDEEP
  
  768:5jnKV+3greh5nVK6QgAhOWfapF/9juGx67OMh/LBSds4S1EAd8IIph:5j1greXF1AhLeF/96667OMFkdS1EAd8f
Score

10^/10

xworm rat trojan
- Detect Xworm Payload
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

© 2018-2024

Terms | Privacy