xworm | c9173a2ca8507f108284bf0d883dd5f4e00642f28779b33da865f9be0f3f1765 | Triage

Submit
Reports

Overview

overview

Static

static

яустал.exe

windows7-x64

яустал.exe

windows10-2004-x64

Sharing

General

Target

яустал.exe
Size

48KB
Sample

240427-lygj2sgb29
MD5

16fe368751ad7e2e7f74ba17576cce91
SHA1

a3cf1698fe673cbf9df7dc539b9af78e3fa99218
SHA256

c9173a2ca8507f108284bf0d883dd5f4e00642f28779b33da865f9be0f3f1765
SHA512

504b5aaff8217923313d0ea31e83424afd3b250e03624b67b783d23c46ce11e856932bde287bae4cf8d83d32e0bc1d6b705d6e656bbf44fc8363e92d599fa96f
SSDEEP

768:ejnKV+3greh5nVK6wvAhOWfapF/9juj67OMhVLBcds4S1EAd8IIS:ej1greXFSAhLeF/96j67OM3KdS1EAd8S

Score

10^/10

xworm rat trojan

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

яустал.exe

Resource

win7-20240220-en

xworm rat trojan

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

яустал.exe

Resource

win10v2004-20240419-en

xworm rat trojan

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Extracted

Family

xworm

Version

5.0

C2

court-floral.gl.at.ply.gg:37873

Mutex

iDpeCVi8LgKLrz4D

Attributes

install_file
USB.exe

aes.plain

Targets

- Target
  
  яустал.exe
- Size
  
  48KB
- MD5
  
  16fe368751ad7e2e7f74ba17576cce91
- SHA1
  
  a3cf1698fe673cbf9df7dc539b9af78e3fa99218
- SHA256
  
  c9173a2ca8507f108284bf0d883dd5f4e00642f28779b33da865f9be0f3f1765
- SHA512
  
  504b5aaff8217923313d0ea31e83424afd3b250e03624b67b783d23c46ce11e856932bde287bae4cf8d83d32e0bc1d6b705d6e656bbf44fc8363e92d599fa96f
- SSDEEP
  
  768:ejnKV+3greh5nVK6wvAhOWfapF/9juj67OMhVLBcds4S1EAd8IIS:ej1greXFSAhLeF/96j67OM3KdS1EAd8S
Score

10^/10

xworm rat trojan
- Detect Xworm Payload
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

© 2018-2024

Terms | Privacy