xworm | 83ff81c4b95a3b4ba410eb4ef1d2c2a190659b8e1ce888b94cc9e8b4a54abd3d | Triage

Submit
Reports

Overview

overview

Static

static

triage.exe

windows11-21h2-x64

Sharing

General

Target

triage.exe
Size

35KB
Sample

240615-ptsnas1blc
MD5

6ed00606fe55e314371eea57e9f894e9
SHA1

09ea2015a765c09b4cbad59180d9c2ad5633792b
SHA256

83ff81c4b95a3b4ba410eb4ef1d2c2a190659b8e1ce888b94cc9e8b4a54abd3d
SHA512

692f84d0831a63f17c680597289bd9820c0c4d4ac37964d3b5a7cee6de8c93ff40a0d12fc681cafa49eeb31ad4bf33c1a71fa33e62ff4dd599b215c8691c68e6
SSDEEP

768:WoHv9ouQGVGNhiQfCYzZ4mVFy+9FrOjhQOEn:WoHloqGNhVa6Z48Ff9FrOjC

Score

10^/10

xworm rat trojan

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

triage.exe

Resource

win11-20240611-en

xworm rat trojan

windows11-21h2-x64

12 signatures

600 seconds

Malware Config

Extracted

Family

xworm

Version

5.0

C2

modern-educators.gl.at.ply.gg:23695

Mutex

IJhXiQhKv5qiOejO

Attributes

Install_directory
%AppData%
install_file
XClient.exe

aes.plain

Targets

- Target
  
  triage.exe
- Size
  
  35KB
- MD5
  
  6ed00606fe55e314371eea57e9f894e9
- SHA1
  
  09ea2015a765c09b4cbad59180d9c2ad5633792b
- SHA256
  
  83ff81c4b95a3b4ba410eb4ef1d2c2a190659b8e1ce888b94cc9e8b4a54abd3d
- SHA512
  
  692f84d0831a63f17c680597289bd9820c0c4d4ac37964d3b5a7cee6de8c93ff40a0d12fc681cafa49eeb31ad4bf33c1a71fa33e62ff4dd599b215c8691c68e6
- SSDEEP
  
  768:WoHv9ouQGVGNhiQfCYzZ4mVFy+9FrOjhQOEn:WoHloqGNhVa6Z48Ff9FrOjC
Score

10^/10

xworm rat trojan
- Detect Xworm Payload
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- Drops startup file
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

© 2018-2024

Terms | Privacy