xworm | ee1f7f277b11131515ae90942fa1b3464d576f7a9d3608554610e18c86218c68 | Triage

Submit
Reports

Overview

overview

Static

static

fresh.exe

windows7-x64

fresh.exe

windows10-2004-x64

Sharing

General

Target

ee1f7f277b11131515ae90942fa1b3464d576f7a9d3608554610e18c86218c68.zip
Size

405KB
Sample

240428-cng86aea32
MD5

67618e19823483f6699f73e018d15372
SHA1

757bc399f62c92c33d7962a277de376554480fa6
SHA256

ee1f7f277b11131515ae90942fa1b3464d576f7a9d3608554610e18c86218c68
SHA512

20d6d88428d3939768a63446aeb573384ba816946716e6c729bc58e9eaeb5b36b57266b726d93f3985ddd269d8a4ce9529e042fe5bff8010a3458807ef0fd23c
SSDEEP

1536:3hjn9ZCI0zg0E1HOiIsUU5eX9M9PXpne6+wUyAe5q:37ZVQDiIsUU529cZnIwUneq

Score

10^/10

xworm rat trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

fresh.exe

Resource

win7-20240221-en

xworm rat trojan

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

fresh.exe

Resource

win10v2004-20240419-en

xworm rat trojan

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Extracted

Family

xworm

Version

5.0

C2

vbdsg.duckdns.org:8896

Mutex

GgQUWuMVOC7DAikW

Attributes

install_file
USB.exe

aes.plain

Targets

- Target
  
  fresh.exe
- Size
  
  345.0MB
- MD5
  
  33f67337db523a8a1610dc39702e6a9e
- SHA1
  
  67783aaeb5499cd450094c5f1d20c15a4017e903
- SHA256
  
  9f0c26a9ee59081531ac9c4d5cca894cf9933e4fdbb6cc9cb9db4a614c79bb91
- SHA512
  
  da148c37f5631dc94ef545cdccf95f7c8aa59cd5d49666982333082c05ebf9a1cc27c4f64dd117408fe1b49a65a588fdc034ffa8cba187f461cc372c5c8e0602
- SSDEEP
  
  1536:fJZhM+Qw6/iPxFPP3t/zzdnr8EI5jayp3z3hXdmd30RrSkbiKyhz5u36UU5eX9Mk:++SrvbvyZg6UU529cI1VoheH
Score

10^/10

xworm rat trojan
- Detect Xworm Payload
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- Detects Windows executables referencing non-Windows User-Agents
- Detects executables packed with SmartAssembly
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

© 2018-2024

Terms | Privacy