xworm

Resubmissions

22-05-2024 19:40

240522-ydt1vsea2w 1

22-05-2024 19:36

240522-ybkz6sdh4s 10

Sharing

Copy URL

Twitter E-mail

General

Target

https://easyupload.io/rrpzvu
Sample

240522-ybkz6sdh4s

Score

10^/10

Malware Config

Extracted

Family

xworm

45.83.246.140:30120

Attributes

Install_directory
%AppData%
install_file
runtime.exe

Targets

- Target
  
  https://easyupload.io/rrpzvu
Score

10^/10

xworm persistence rat trojan
- Detect Xworm Payload
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- Drops startup file
- Executes dropped EXE
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Query Registry

T1012

Peripheral Device Discovery

T1120

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

Resubmissions

Sharing

General

Malware Config

Extracted

Targets

Detect Xworm Payload

Drops startup file

Executes dropped EXE

Adds Run key to start application

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

urlscan1

behavioral1