General

  • Target: XWorm-RAT-V2.1-main.zip
  • Size: 34.0MB
  • Sample: 240501-s5j23sad2t
  • MD5: 88dfc456336a95ffeac16d9276083b7b
  • SHA1: 8949c8c8778bd6412a456212d4ba2707f12e9d7a
  • SHA256: edbdc2e1bed353b533761a069b2d9a563683318fd1657ce09f9be2fa8ccd497a
  • SHA512: 988ec72613d155bc362b1c0e0f1ee731f9653947328084e96eb436e7576b8e9c5114e59488216ea4f05d48126c5dbd7e983a02a412755b59b961f15c3ceea5f5
  • SSDEEP: 786432:jiIKRjrYlNTspDclWQUF4DQXzTnHB35mjVjYX/BbmLqIZW:efApsGAX0Wh35mj+bY8

Malware Config

Targets

    • Target: XWorm-RAT-V2.1-main.zip
      Size: 34.0MB
      MD5: 88dfc456336a95ffeac16d9276083b7b
      SHA1: 8949c8c8778bd6412a456212d4ba2707f12e9d7a
      SHA256: edbdc2e1bed353b533761a069b2d9a563683318fd1657ce09f9be2fa8ccd497a
      SHA512: 988ec72613d155bc362b1c0e0f1ee731f9653947328084e96eb436e7576b8e9c5114e59488216ea4f05d48126c5dbd7e983a02a412755b59b961f15c3ceea5f5
      SSDEEP: 786432:jiIKRjrYlNTspDclWQUF4DQXzTnHB35mjVjYX/BbmLqIZW:efApsGAX0Wh35mj+bY8

    Score: 1/10

    • Target: XWorm-RAT-V2.1-main/XWorm RAT V2.1/Command Reciever.exe
      Size: 6.5MB
      MD5: a21db5b6e09c3ec82f048fd7f1c4bb3a
      SHA1: e7ffb13176d60b79d0b3f60eaea641827f30df64
      SHA256: 67d9b4b35c02a19ab364ad19e1972645eb98e24dcd6f1715d2a26229deb2ccf5
      SHA512: 7caab4f21c33ef90c1104aa7256504ee40ff0a36525b15eb3d48940862346ccf90a16eef87c06d79b0ffd920beb103ed380eae45df8c9286768890b15ed1067c
      SSDEEP: 98304:KAc94bqa9niwFYWLqDuTTTTTTdfPPpWLq+Guf2W2b6F72q0:KAcC9iwFYWuDCPPpWu+GduZ2L

    Score: 1/10

    • Target: XWorm-RAT-V2.1-main/XWorm RAT V2.1/XWorm RAT V2.1.exe
      Size: 2.2MB
      MD5: 835f081566e31c989b525bccb943569c
      SHA1: 71d04e0a86ce9585e5b7a058beb0a43cf156a332
      SHA256: ea9258e9975b8925a739066221d996aef19b4ef4f4c91524f82e39d403f25579
      SHA512: 9ec58f8c586ecf78ef8d75debc5dba58544558566423a634724bb5ab192aaf64f9ccbee9a5af48124a3366b2a7d24b4db71bb5743978201b881c08bad8f6fb0c
      SSDEEP: 49152:LdYJMfC7koydmRzCxWO8e89khof23mKijV6WvFw3BAz2tIm0U:qc3vdUEWFySfdw3rtIm

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Adds Run key to start application

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Matrix ATT&CK v13

Tactic                Technique                             ID          Count
Persistence           Boot or Logon Autostart Execution     T1547       1
                      Registry Run Keys / Startup Folder    T1547.001   1
Privilege Escalation  Boot or Logon Autostart Execution     T1547       1
                      Registry Run Keys / Startup Folder    T1547.001   1
Defense Evasion       Modify Registry                       T1112       2
Credential Access     Unsecured Credentials                 T1552       1
                      Credentials In Files                  T1552.001   1
Discovery             System Information Discovery          T1082       2
                      Query Registry                        T1012       1
                      Process Discovery                     T1057       1
Collection            Data from Local System                T1005       1
Command and Control   Web Service                           T1102       1

Tasks