xworm | e138a0d5e625340ee5b1b0936301392cbf7a9f35a8347657de0ab4cdd47bdeae | Triage

Resubmissions

22-05-2024 09:11

240522-k5sp8aac28 10

22-05-2024 09:11

240522-k5la5sac25 10

22-05-2024 06:41

240522-hf3ssafd5x 10

Sharing

General

Target

22052024_0641_DXJS_exe_sc.bin
Size

337KB
Sample

240522-k5sp8aac28
MD5

e10e87f59726d45e840eb24f9bbdae48
SHA1

386a4a7e04961a0d450d2aa0e9d6e3b4c64f12eb
SHA256

e138a0d5e625340ee5b1b0936301392cbf7a9f35a8347657de0ab4cdd47bdeae
SHA512

46f6c6f2a4cb734876b344fbaa2bdb506a46229afea3406f9adfae5371aa315a018d80da74553c102ee22c516becb4a442b0bc6b24cae80e61274a9c6befb544
SSDEEP

6144:Fo+pJ8RgQ+Z3szVOJiaR+ULVOX2chG7uhLMiZ3Lcu1Tvk3/m0LZTUQZsh81jI:F5eYZcOJLRhLOVAM0mkJM8

Score

10^/10

xworm rat trojan

Malware Config

Extracted

Family

xworm

Version

3.1

C2

newremisco2905.duckdns.org:2905

Mutex

0h9jcqiqjT5SnJcR

Attributes

install_file
USB.exe

aes.plain

Targets

- Target
  
  22052024_0641_DXJS_exe_sc.bin
- Size
  
  337KB
- MD5
  
  e10e87f59726d45e840eb24f9bbdae48
- SHA1
  
  386a4a7e04961a0d450d2aa0e9d6e3b4c64f12eb
- SHA256
  
  e138a0d5e625340ee5b1b0936301392cbf7a9f35a8347657de0ab4cdd47bdeae
- SHA512
  
  46f6c6f2a4cb734876b344fbaa2bdb506a46229afea3406f9adfae5371aa315a018d80da74553c102ee22c516becb4a442b0bc6b24cae80e61274a9c6befb544
- SSDEEP
  
  6144:Fo+pJ8RgQ+Z3szVOJiaR+ULVOX2chG7uhLMiZ3Lcu1Tvk3/m0LZTUQZsh81jI:F5eYZcOJLRhLOVAM0mkJM8
Score

10^/10

xworm rat trojan
- Detect Xworm Payload
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2