xworm | 5a71b213f8fc258100ff601b4b567839aa8ddaf72c70e176eb67ba9c10834cdb | Triage

Sharing

Copy URL Twitter E-mail

General

Target

XClienءءءءءءءءءءءءءءءءt.exe
Size

60KB
Sample

240714-dd7lqstgkk
MD5

7c691970f52e5cb3ff18a9850737e720
SHA1

13f92d24f66e1e2dccafc01a0c18967c2c757785
SHA256

5a71b213f8fc258100ff601b4b567839aa8ddaf72c70e176eb67ba9c10834cdb
SHA512

9fc1b7d74270c9e3bd459a055e3a40fa940a1ce2f28f06fdb4dfece2130e0a04a5e4b2462acb01d2290940ddc386bb69ece9d819cd00680bbdb02669a23a6294
SSDEEP

1536:utAR0HmYQu//OjjNkTbBWgXOFg3Om90W:pB3uTbIX23O40W

Score

10^/10

xworm persistence rat trojan

Malware Config

Extracted

Family

xworm

C2

127.0.0.1:36125

session-chief.gl.at.ply.gg:36125

Attributes

Install_directory
%AppData%
install_file
XClient.exe

Targets

- Target
  
  XClienءءءءءءءءءءءءءءءءt.exe
- Size
  
  60KB
- MD5
  
  7c691970f52e5cb3ff18a9850737e720
- SHA1
  
  13f92d24f66e1e2dccafc01a0c18967c2c757785
- SHA256
  
  5a71b213f8fc258100ff601b4b567839aa8ddaf72c70e176eb67ba9c10834cdb
- SHA512
  
  9fc1b7d74270c9e3bd459a055e3a40fa940a1ce2f28f06fdb4dfece2130e0a04a5e4b2462acb01d2290940ddc386bb69ece9d819cd00680bbdb02669a23a6294
- SSDEEP
  
  1536:utAR0HmYQu//OjjNkTbBWgXOFg3Om90W:pB3uTbIX23O40W
Score

10^/10

xworm persistence rat trojan
- Detect Xworm Payload
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- Drops startup file
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xwormpersistencerattrojan

behavioral2

xwormpersistencerattrojan