xworm | 8465778370dda01dab075cb6e9a110106c41a95263ff6e44263a0acfd357753e | Triage

Sharing

General

Target

Lucid.rar
Size

8.3MB
Sample

240522-pelanshf76
MD5

bf1b390ccfdf48e3cf509bf6b7639e30
SHA1

8853f17931d1da5063ec724ff7bb862ce8b4db9b
SHA256

8465778370dda01dab075cb6e9a110106c41a95263ff6e44263a0acfd357753e
SHA512

2ebdb9c4d5613958aea53b308ca9b8363b6983f34c5e741632c13790428158cdd2bb742eae4aaa33ca900c21e8c60cdecc380551b11d2cf3416d0effbefe8867
SSDEEP

196608:pT/UL4o5UP179J9mAk81m/teh5Y68K/4400cry9tkhK+Rv:Fro87H1k8A/tI5Ylk4CWykHv

Score

10^/10

xworm persistence rat trojan

Malware Config

Extracted

Family

xworm

C2

45.83.246.140:30120

Attributes

Install_directory
%AppData%
install_file
runtime.exe

Targets

- Target
  
  Lucid.exe
- Size
  
  8.4MB
- MD5
  
  ac6657f44801b542f717e18665145e5b
- SHA1
  
  efbf677cfce4054813fb3004e42e524dbdfa4501
- SHA256
  
  e462d3688c61db7516a7ada8fb4a990b77cfdd33f2df7e84005042dfdf74c544
- SHA512
  
  3ec5ab2455e249834d2d83b29d14d9105d7dc2fcb93ab84dc0c174317a40eb4adeaa438836579fc0befb1d5605f3aec84e43cf4c91ddf020808aa7e164c4ed3b
- SSDEEP
  
  196608:RHUsHahjutr1zWC+vfOccaK3doVo8UdY5:S0a+JgvfFcrEmi5
Score

10^/10

xworm persistence rat trojan
- Detect Xworm Payload
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1
- Target
  
  key.exe
- Size
  
  69KB
- MD5
  
  a230d428e97911ce6959e1463d781257
- SHA1
  
  0946c13059bf98fd3aacefd0b2681a42b95292cd
- SHA256
  
  c8e088feb7de05c3852af588c1a440f61d06870a93b07a3c6b7e2c12c9d55b12
- SHA512
  
  089f7f6e979729ba037a19510be160d1c407c712fa01614815ce2427ff6c8fe7fa80a2cb673a36611dc37734aba63f7c87832c3848ac9ce011343c0e15b7aa68
- SSDEEP
  
  1536:KWEyI4XFyV0UUIRiZAkupj9bIu9uLhQSOIcoFqXgG:KWnIiyVxRiij9bIYYhdOBuqXz
Score

10^/10

xworm persistence rat trojan
- Detect Xworm Payload
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- Drops startup file
- Adds Run key to start application
  persistence
behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xwormpersistencerattrojan

behavioral2

xwormpersistencerattrojan