xworm | 0aa75efa4d6847f998109301da50ff119187507f08b3119148b9db5844e7c703 | Triage

Submit
Reports

Overview

overview

Static

static

1

0aa75efa4d...03.ps1

windows7-x64

1

0aa75efa4d...03.ps1

windows10-2004-x64

Sharing

General

Target

0aa75efa4d6847f998109301da50ff119187507f08b3119148b9db5844e7c703.ps1
Size

12.0MB
Sample

240428-beqy9scg8z
MD5

8520b4800af18dc9288264498350c16d
SHA1

3d3c2daf837a5faca7dbff7de7b12b6c7a066291
SHA256

0aa75efa4d6847f998109301da50ff119187507f08b3119148b9db5844e7c703
SHA512

9822c61c1c844915d6645d42319a5909bc1efb16966cad80bd153acbe02fdbdf76c546b9f341561358ab163c62a3160ad5b569efd7b976fbda502aba1378c405
SSDEEP

24576:rSUMUHnRI2kiE/ef9E+N45KZ9EqWlmevbBel/Yvn0lFwuPiJ3/V8eRSLXs3z+DWv:2vXS+5kmoQTskvKSpd1iwV0jl5

Score

10^/10

xworm rat trojan

Static task

static1

Behavioral task

behavioral1

Sample

0aa75efa4d6847f998109301da50ff119187507f08b3119148b9db5844e7c703.ps1

Resource

win7-20240221-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral2

Sample

0aa75efa4d6847f998109301da50ff119187507f08b3119148b9db5844e7c703.ps1

Resource

win10v2004-20240226-en

xworm rat trojan

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Extracted

Family

xworm

Version

5.0

C2

hjxwrm5.duckdns.org:8896

Mutex

MSmkrgH8xVI2Dczk

Attributes

install_file
USB.exe

aes.plain

Targets

- Target
  
  0aa75efa4d6847f998109301da50ff119187507f08b3119148b9db5844e7c703.ps1
- Size
  
  12.0MB
- MD5
  
  8520b4800af18dc9288264498350c16d
- SHA1
  
  3d3c2daf837a5faca7dbff7de7b12b6c7a066291
- SHA256
  
  0aa75efa4d6847f998109301da50ff119187507f08b3119148b9db5844e7c703
- SHA512
  
  9822c61c1c844915d6645d42319a5909bc1efb16966cad80bd153acbe02fdbdf76c546b9f341561358ab163c62a3160ad5b569efd7b976fbda502aba1378c405
- SSDEEP
  
  24576:rSUMUHnRI2kiE/ef9E+N45KZ9EqWlmevbBel/Yvn0lFwuPiJ3/V8eRSLXs3z+DWv:2vXS+5kmoQTskvKSpd1iwV0jl5
Score

10^/10

xworm rat trojan
- Detect Xworm Payload
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- Detects Windows executables referencing non-Windows User-Agents
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

© 2018-2024

Terms | Privacy