xworm | d585e477ed646499680f7911e6ca4b2304c3077ee2d99f8050b4628bbad5e24f | Triage

Sharing

General

Target

Triage.ge.exe
Size

35KB
Sample

240615-pfhwyazflf
MD5

4b4d4104a63acba8387e5b045931e185
SHA1

5ce378a92e5010b60e3a2d6aa207111310bdd182
SHA256

d585e477ed646499680f7911e6ca4b2304c3077ee2d99f8050b4628bbad5e24f
SHA512

0afc7e192c77e45f340b89b7cfdc5e5a8356c012801cdc3e35b8b9232a547a2f22697d12ff331bdf9c1baa1a20ae70dd6ea9ca0db68c8c8b6e739b6b8a33206e
SSDEEP

768:/oHv9ouQGVrhiQfCYzseVFy+9FgOjhrOE8:/oHloqrhVa6sUFf9FgOjU

Score

10^/10

xworm rat trojan

Malware Config

Extracted

Family

xworm

Version

5.0

C2

modern-educators.gl.at.ply.gg:23695

Mutex

IgkIbxNBigOKN4QQ

Attributes

Install_directory
%AppData%
install_file
XClient.exe

aes.plain

Targets

- Target
  
  Triage.ge.exe
- Size
  
  35KB
- MD5
  
  4b4d4104a63acba8387e5b045931e185
- SHA1
  
  5ce378a92e5010b60e3a2d6aa207111310bdd182
- SHA256
  
  d585e477ed646499680f7911e6ca4b2304c3077ee2d99f8050b4628bbad5e24f
- SHA512
  
  0afc7e192c77e45f340b89b7cfdc5e5a8356c012801cdc3e35b8b9232a547a2f22697d12ff331bdf9c1baa1a20ae70dd6ea9ca0db68c8c8b6e739b6b8a33206e
- SSDEEP
  
  768:/oHv9ouQGVrhiQfCYzseVFy+9FgOjhrOE8:/oHloqrhVa6sUFf9FgOjU
Score

10^/10

xworm rat trojan
- Detect Xworm Payload
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- Drops startup file
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1