xworm | 5a913d75f93cab55687c50a16281a906704224448eadce3f6b0f99e6cc2dbfdb | Triage

Submit
Reports

Overview

overview

Static

static

1

zio.bat

windows10-2004-x64

Sharing

General

Target

zio.bat
Size

368KB
Sample

240609-wwhpfaeb33
MD5

1c17a6b4138408c4d9020d5f1facb603
SHA1

e907a2f443ad11e436fb22ca9890423b44c115db
SHA256

5a913d75f93cab55687c50a16281a906704224448eadce3f6b0f99e6cc2dbfdb
SHA512

78ba6eff9a50e003ace94e4ad7600222efea440c9d1085d4b84aad11b772017f2677584ce87df00c5c1a5794d8ec997b49906fbb4e28edb2e0ab6fb464c74463
SSDEEP

6144:nswmGBrnNbDhe3hO7UH+/KJStNN2dqY/b9dsRYfsTFU8NJHTRwLYnkbP:ndxfe3M5yMr2AC7UPJzRE1bP

Score

10^/10

xworm execution rat trojan

Static task

static1

Behavioral task

behavioral1

Sample

zio.bat

Resource

win10v2004-20240508-en

xworm execution rat trojan

windows10-2004-x64

21 signatures

150 seconds

Malware Config

Extracted

Family

xworm

Version

5.0

C2

looking-memphis.gl.at.ply.gg:45119

Mutex

kWJg1zELhiwxHH2W

Attributes

install_file
USB.exe

aes.plain

Targets

- Target
  
  zio.bat
- Size
  
  368KB
- MD5
  
  1c17a6b4138408c4d9020d5f1facb603
- SHA1
  
  e907a2f443ad11e436fb22ca9890423b44c115db
- SHA256
  
  5a913d75f93cab55687c50a16281a906704224448eadce3f6b0f99e6cc2dbfdb
- SHA512
  
  78ba6eff9a50e003ace94e4ad7600222efea440c9d1085d4b84aad11b772017f2677584ce87df00c5c1a5794d8ec997b49906fbb4e28edb2e0ab6fb464c74463
- SSDEEP
  
  6144:nswmGBrnNbDhe3hO7UH+/KJStNN2dqY/b9dsRYfsTFU8NJHTRwLYnkbP:ndxfe3M5yMr2AC7UPJzRE1bP
Score

10^/10

xworm execution rat trojan
- Detect Xworm Payload
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops file in System32 directory
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

xwormexecutionrattrojan

© 2018-2024

Terms | Privacy