Overview

overview

10

Static

static

10

New folder...0).exe

windows11-21h2-x64

10

New folder...1).exe

windows11-21h2-x64

10

New folder...2).exe

windows11-21h2-x64

10

New folder...3).exe

windows11-21h2-x64

10

New folder...4).exe

windows11-21h2-x64

10

New folder...5).exe

windows11-21h2-x64

10

New folder...6).exe

windows11-21h2-x64

10

New folder...7).exe

windows11-21h2-x64

10

New folder...8).exe

windows11-21h2-x64

10

New folder...9).exe

windows11-21h2-x64

10

New folder...2).exe

windows11-21h2-x64

10

New folder...0).exe

windows11-21h2-x64

10

New folder...1).exe

windows11-21h2-x64

10

New folder...2).exe

windows11-21h2-x64

10

New folder...3).exe

windows11-21h2-x64

10

New folder...4).exe

windows11-21h2-x64

10

New folder...5).exe

windows11-21h2-x64

10

New folder...6).exe

windows11-21h2-x64

10

New folder...7).exe

windows11-21h2-x64

10

New folder...8).exe

windows11-21h2-x64

10

New folder...9).exe

windows11-21h2-x64

10

New folder...3).exe

windows11-21h2-x64

New folder...0).exe

windows11-21h2-x64

10

New folder...1).exe

windows11-21h2-x64

10

New folder...4).exe

windows11-21h2-x64

10

New folder...5).exe

windows11-21h2-x64

10

New folder...6).exe

windows11-21h2-x64

10

New folder...7).exe

windows11-21h2-x64

10

New folder...8).exe

windows11-21h2-x64

10

New folder...9).exe

windows11-21h2-x64

10

New folder...py.exe

windows11-21h2-x64

10

New folder...nt.exe

windows11-21h2-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    New folder.rar

  • Size

    1.2MB

  • Sample

    240715-rlfd4svbqm

  • MD5

    8c3ed50e259dad0b5ca3108a7eff1f9b

  • SHA1

    00ee60b75fa0de2835d793c4ffabae8efc71981f

  • SHA256

    571cfccf544e14d1f2c142869bbfa626efdb3bdc51f14218340ade7ec4dc7e7f

  • SHA512

    298591483c7be3468626225c5b240f0614a560e2f80a943e7540342ed283c56cfa1e2814c464e8ca7d76f28eb87218613a76cb98fc0764fa0685940ad1285e25

  • SSDEEP

    24576:i3vRNi+Lb8I4nf9ZWyHvWhFmYbFUKXerx:i3vRNi+Lb8I4nf9ZWyHvWhFmYbFUKXe9

Score
10/10
xwormrattrojan

Malware Config

Extracted

Family

xworm

C2

father-status.gl.at.ply.gg:64204

Attributes
  • Install_directory

    %AppData%

  • install_file

    $77-penisware-cumedition.exe

Targets

    • Target

      New folder/XClient - Copy (10).exe

    • Size

      63KB

    • MD5

      2ec6a81606494f96a98e62ea7bbf370a

    • SHA1

      c11efe9e36f56b9187547b83a82aec7d53ca8a0f

    • SHA256

      d9ae6b8d1057175b7fec23351b5731f54286bda4c7990b4d05a4790a22054f1f

    • SHA512

      147020aa1336583b66d265de731643ba463323716936a836ae0c0b8322bf389b5effa56701e636d547def03f0e83ca00a6acf73cc3320b1eefce0d2756f785f4

    • SSDEEP

      1536:5NQxMwbdqmz+cwBOjjkbXJO6Yq9xMO23WxD:rQSiomz+cw8jjkbXAWuO23AD

    Score
    10/10
    xwormrattrojan

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

      trojanratxworm

    • Executes dropped EXE

    behavioral1

    • Target

      New folder/XClient - Copy (11).exe

    • Size

      63KB

    • MD5

      2ec6a81606494f96a98e62ea7bbf370a

    • SHA1

      c11efe9e36f56b9187547b83a82aec7d53ca8a0f

    • SHA256

      d9ae6b8d1057175b7fec23351b5731f54286bda4c7990b4d05a4790a22054f1f

    • SHA512

      147020aa1336583b66d265de731643ba463323716936a836ae0c0b8322bf389b5effa56701e636d547def03f0e83ca00a6acf73cc3320b1eefce0d2756f785f4

    • SSDEEP

      1536:5NQxMwbdqmz+cwBOjjkbXJO6Yq9xMO23WxD:rQSiomz+cw8jjkbXAWuO23AD

    Score
    10/10
    xwormrattrojan

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

      trojanratxworm

    • Executes dropped EXE

    behavioral2

    • Target

      New folder/XClient - Copy (12).exe

    • Size

      63KB

    • MD5

      2ec6a81606494f96a98e62ea7bbf370a

    • SHA1

      c11efe9e36f56b9187547b83a82aec7d53ca8a0f

    • SHA256

      d9ae6b8d1057175b7fec23351b5731f54286bda4c7990b4d05a4790a22054f1f

    • SHA512

      147020aa1336583b66d265de731643ba463323716936a836ae0c0b8322bf389b5effa56701e636d547def03f0e83ca00a6acf73cc3320b1eefce0d2756f785f4

    • SSDEEP

      1536:5NQxMwbdqmz+cwBOjjkbXJO6Yq9xMO23WxD:rQSiomz+cw8jjkbXAWuO23AD

    Score
    10/10
    xwormrattrojan

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

      trojanratxworm

    • Executes dropped EXE

    behavioral3

    • Target

      New folder/XClient - Copy (13).exe

    • Size

      63KB

    • MD5

      2ec6a81606494f96a98e62ea7bbf370a

    • SHA1

      c11efe9e36f56b9187547b83a82aec7d53ca8a0f

    • SHA256

      d9ae6b8d1057175b7fec23351b5731f54286bda4c7990b4d05a4790a22054f1f

    • SHA512

      147020aa1336583b66d265de731643ba463323716936a836ae0c0b8322bf389b5effa56701e636d547def03f0e83ca00a6acf73cc3320b1eefce0d2756f785f4

    • SSDEEP

      1536:5NQxMwbdqmz+cwBOjjkbXJO6Yq9xMO23WxD:rQSiomz+cw8jjkbXAWuO23AD

    Score
    10/10
    xwormrattrojan

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

      trojanratxworm

    • Executes dropped EXE

    behavioral4

    • Target

      New folder/XClient - Copy (14).exe

    • Size

      63KB

    • MD5

      2ec6a81606494f96a98e62ea7bbf370a

    • SHA1

      c11efe9e36f56b9187547b83a82aec7d53ca8a0f

    • SHA256

      d9ae6b8d1057175b7fec23351b5731f54286bda4c7990b4d05a4790a22054f1f

    • SHA512

      147020aa1336583b66d265de731643ba463323716936a836ae0c0b8322bf389b5effa56701e636d547def03f0e83ca00a6acf73cc3320b1eefce0d2756f785f4

    • SSDEEP

      1536:5NQxMwbdqmz+cwBOjjkbXJO6Yq9xMO23WxD:rQSiomz+cw8jjkbXAWuO23AD

    Score
    10/10
    xwormrattrojan

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

      trojanratxworm

    • Executes dropped EXE

    behavioral5

    • Target

      New folder/XClient - Copy (15).exe

    • Size

      63KB

    • MD5

      2ec6a81606494f96a98e62ea7bbf370a

    • SHA1

      c11efe9e36f56b9187547b83a82aec7d53ca8a0f

    • SHA256

      d9ae6b8d1057175b7fec23351b5731f54286bda4c7990b4d05a4790a22054f1f

    • SHA512

      147020aa1336583b66d265de731643ba463323716936a836ae0c0b8322bf389b5effa56701e636d547def03f0e83ca00a6acf73cc3320b1eefce0d2756f785f4

    • SSDEEP

      1536:5NQxMwbdqmz+cwBOjjkbXJO6Yq9xMO23WxD:rQSiomz+cw8jjkbXAWuO23AD

    Score
    10/10
    xwormrattrojan

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

      trojanratxworm

    • Executes dropped EXE

    behavioral6

    • Target

      New folder/XClient - Copy (16).exe

    • Size

      63KB

    • MD5

      2ec6a81606494f96a98e62ea7bbf370a

    • SHA1

      c11efe9e36f56b9187547b83a82aec7d53ca8a0f

    • SHA256

      d9ae6b8d1057175b7fec23351b5731f54286bda4c7990b4d05a4790a22054f1f

    • SHA512

      147020aa1336583b66d265de731643ba463323716936a836ae0c0b8322bf389b5effa56701e636d547def03f0e83ca00a6acf73cc3320b1eefce0d2756f785f4

    • SSDEEP

      1536:5NQxMwbdqmz+cwBOjjkbXJO6Yq9xMO23WxD:rQSiomz+cw8jjkbXAWuO23AD

    Score
    10/10
    xwormrattrojan

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

      trojanratxworm

    • Executes dropped EXE

    behavioral7

    • Target

      New folder/XClient - Copy (17).exe

    • Size

      63KB

    • MD5

      2ec6a81606494f96a98e62ea7bbf370a

    • SHA1

      c11efe9e36f56b9187547b83a82aec7d53ca8a0f

    • SHA256

      d9ae6b8d1057175b7fec23351b5731f54286bda4c7990b4d05a4790a22054f1f

    • SHA512

      147020aa1336583b66d265de731643ba463323716936a836ae0c0b8322bf389b5effa56701e636d547def03f0e83ca00a6acf73cc3320b1eefce0d2756f785f4

    • SSDEEP

      1536:5NQxMwbdqmz+cwBOjjkbXJO6Yq9xMO23WxD:rQSiomz+cw8jjkbXAWuO23AD

    Score
    10/10
    xwormrattrojan

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

      trojanratxworm

    • Executes dropped EXE

    behavioral8

    • Target

      New folder/XClient - Copy (18).exe

    • Size

      63KB

    • MD5

      2ec6a81606494f96a98e62ea7bbf370a

    • SHA1

      c11efe9e36f56b9187547b83a82aec7d53ca8a0f

    • SHA256

      d9ae6b8d1057175b7fec23351b5731f54286bda4c7990b4d05a4790a22054f1f

    • SHA512

      147020aa1336583b66d265de731643ba463323716936a836ae0c0b8322bf389b5effa56701e636d547def03f0e83ca00a6acf73cc3320b1eefce0d2756f785f4

    • SSDEEP

      1536:5NQxMwbdqmz+cwBOjjkbXJO6Yq9xMO23WxD:rQSiomz+cw8jjkbXAWuO23AD

    Score
    10/10
    xwormrattrojan

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

      trojanratxworm

    • Executes dropped EXE

    behavioral9

    • Target

      New folder/XClient - Copy (19).exe

    • Size

      63KB

    • MD5

      2ec6a81606494f96a98e62ea7bbf370a

    • SHA1

      c11efe9e36f56b9187547b83a82aec7d53ca8a0f

    • SHA256

      d9ae6b8d1057175b7fec23351b5731f54286bda4c7990b4d05a4790a22054f1f

    • SHA512

      147020aa1336583b66d265de731643ba463323716936a836ae0c0b8322bf389b5effa56701e636d547def03f0e83ca00a6acf73cc3320b1eefce0d2756f785f4

    • SSDEEP

      1536:5NQxMwbdqmz+cwBOjjkbXJO6Yq9xMO23WxD:rQSiomz+cw8jjkbXAWuO23AD

    Score
    10/10
    xwormrattrojan

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

      trojanratxworm

    • Executes dropped EXE

    behavioral10

    • Target

      New folder/XClient - Copy (2).exe

    • Size

      63KB

    • MD5

      2ec6a81606494f96a98e62ea7bbf370a

    • SHA1

      c11efe9e36f56b9187547b83a82aec7d53ca8a0f

    • SHA256

      d9ae6b8d1057175b7fec23351b5731f54286bda4c7990b4d05a4790a22054f1f

    • SHA512

      147020aa1336583b66d265de731643ba463323716936a836ae0c0b8322bf389b5effa56701e636d547def03f0e83ca00a6acf73cc3320b1eefce0d2756f785f4

    • SSDEEP

      1536:5NQxMwbdqmz+cwBOjjkbXJO6Yq9xMO23WxD:rQSiomz+cw8jjkbXAWuO23AD

    Score
    10/10
    xwormrattrojan

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

      trojanratxworm

    • Executes dropped EXE

    behavioral11

    • Target

      New folder/XClient - Copy (20).exe

    • Size

      63KB

    • MD5

      2ec6a81606494f96a98e62ea7bbf370a

    • SHA1

      c11efe9e36f56b9187547b83a82aec7d53ca8a0f

    • SHA256

      d9ae6b8d1057175b7fec23351b5731f54286bda4c7990b4d05a4790a22054f1f

    • SHA512

      147020aa1336583b66d265de731643ba463323716936a836ae0c0b8322bf389b5effa56701e636d547def03f0e83ca00a6acf73cc3320b1eefce0d2756f785f4

    • SSDEEP

      1536:5NQxMwbdqmz+cwBOjjkbXJO6Yq9xMO23WxD:rQSiomz+cw8jjkbXAWuO23AD

    Score
    10/10
    xwormrattrojan

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

      trojanratxworm

    • Executes dropped EXE

    behavioral12

    • Target

      New folder/XClient - Copy (21).exe

    • Size

      63KB

    • MD5

      2ec6a81606494f96a98e62ea7bbf370a

    • SHA1

      c11efe9e36f56b9187547b83a82aec7d53ca8a0f

    • SHA256

      d9ae6b8d1057175b7fec23351b5731f54286bda4c7990b4d05a4790a22054f1f

    • SHA512

      147020aa1336583b66d265de731643ba463323716936a836ae0c0b8322bf389b5effa56701e636d547def03f0e83ca00a6acf73cc3320b1eefce0d2756f785f4

    • SSDEEP

      1536:5NQxMwbdqmz+cwBOjjkbXJO6Yq9xMO23WxD:rQSiomz+cw8jjkbXAWuO23AD

    Score
    10/10
    xwormrattrojan

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

      trojanratxworm

    • Executes dropped EXE

    behavioral13

    • Target

      New folder/XClient - Copy (22).exe

    • Size

      63KB

    • MD5

      2ec6a81606494f96a98e62ea7bbf370a

    • SHA1

      c11efe9e36f56b9187547b83a82aec7d53ca8a0f

    • SHA256

      d9ae6b8d1057175b7fec23351b5731f54286bda4c7990b4d05a4790a22054f1f

    • SHA512

      147020aa1336583b66d265de731643ba463323716936a836ae0c0b8322bf389b5effa56701e636d547def03f0e83ca00a6acf73cc3320b1eefce0d2756f785f4

    • SSDEEP

      1536:5NQxMwbdqmz+cwBOjjkbXJO6Yq9xMO23WxD:rQSiomz+cw8jjkbXAWuO23AD

    Score
    10/10
    xwormrattrojan

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

      trojanratxworm

    • Executes dropped EXE

    behavioral14

    • Target

      New folder/XClient - Copy (23).exe

    • Size

      63KB

    • MD5

      2ec6a81606494f96a98e62ea7bbf370a

    • SHA1

      c11efe9e36f56b9187547b83a82aec7d53ca8a0f

    • SHA256

      d9ae6b8d1057175b7fec23351b5731f54286bda4c7990b4d05a4790a22054f1f

    • SHA512

      147020aa1336583b66d265de731643ba463323716936a836ae0c0b8322bf389b5effa56701e636d547def03f0e83ca00a6acf73cc3320b1eefce0d2756f785f4

    • SSDEEP

      1536:5NQxMwbdqmz+cwBOjjkbXJO6Yq9xMO23WxD:rQSiomz+cw8jjkbXAWuO23AD

    Score
    10/10
    xwormrattrojan

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

      trojanratxworm

    • Executes dropped EXE

    behavioral15

    • Target

      New folder/XClient - Copy (24).exe

    • Size

      63KB

    • MD5

      2ec6a81606494f96a98e62ea7bbf370a

    • SHA1

      c11efe9e36f56b9187547b83a82aec7d53ca8a0f

    • SHA256

      d9ae6b8d1057175b7fec23351b5731f54286bda4c7990b4d05a4790a22054f1f

    • SHA512

      147020aa1336583b66d265de731643ba463323716936a836ae0c0b8322bf389b5effa56701e636d547def03f0e83ca00a6acf73cc3320b1eefce0d2756f785f4

    • SSDEEP

      1536:5NQxMwbdqmz+cwBOjjkbXJO6Yq9xMO23WxD:rQSiomz+cw8jjkbXAWuO23AD

    Score
    10/10
    xwormrattrojan

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

      trojanratxworm

    • Executes dropped EXE

    behavioral16

    • Target

      New folder/XClient - Copy (25).exe

    • Size

      63KB

    • MD5

      2ec6a81606494f96a98e62ea7bbf370a

    • SHA1

      c11efe9e36f56b9187547b83a82aec7d53ca8a0f

    • SHA256

      d9ae6b8d1057175b7fec23351b5731f54286bda4c7990b4d05a4790a22054f1f

    • SHA512

      147020aa1336583b66d265de731643ba463323716936a836ae0c0b8322bf389b5effa56701e636d547def03f0e83ca00a6acf73cc3320b1eefce0d2756f785f4

    • SSDEEP

      1536:5NQxMwbdqmz+cwBOjjkbXJO6Yq9xMO23WxD:rQSiomz+cw8jjkbXAWuO23AD

    Score
    10/10
    xwormrattrojan

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

      trojanratxworm

    • Executes dropped EXE

    behavioral17

    • Target

      New folder/XClient - Copy (26).exe

    • Size

      63KB

    • MD5

      2ec6a81606494f96a98e62ea7bbf370a

    • SHA1

      c11efe9e36f56b9187547b83a82aec7d53ca8a0f

    • SHA256

      d9ae6b8d1057175b7fec23351b5731f54286bda4c7990b4d05a4790a22054f1f

    • SHA512

      147020aa1336583b66d265de731643ba463323716936a836ae0c0b8322bf389b5effa56701e636d547def03f0e83ca00a6acf73cc3320b1eefce0d2756f785f4

    • SSDEEP

      1536:5NQxMwbdqmz+cwBOjjkbXJO6Yq9xMO23WxD:rQSiomz+cw8jjkbXAWuO23AD

    Score
    10/10
    xwormrattrojan

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

      trojanratxworm

    • Executes dropped EXE

    behavioral18

    • Target

      New folder/XClient - Copy (27).exe

    • Size

      63KB

    • MD5

      2ec6a81606494f96a98e62ea7bbf370a

    • SHA1

      c11efe9e36f56b9187547b83a82aec7d53ca8a0f

    • SHA256

      d9ae6b8d1057175b7fec23351b5731f54286bda4c7990b4d05a4790a22054f1f

    • SHA512

      147020aa1336583b66d265de731643ba463323716936a836ae0c0b8322bf389b5effa56701e636d547def03f0e83ca00a6acf73cc3320b1eefce0d2756f785f4

    • SSDEEP

      1536:5NQxMwbdqmz+cwBOjjkbXJO6Yq9xMO23WxD:rQSiomz+cw8jjkbXAWuO23AD

    Score
    10/10
    xwormrattrojan

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

      trojanratxworm

    • Executes dropped EXE

    behavioral19

    • Target

      New folder/XClient - Copy (28).exe

    • Size

      63KB

    • MD5

      2ec6a81606494f96a98e62ea7bbf370a

    • SHA1

      c11efe9e36f56b9187547b83a82aec7d53ca8a0f

    • SHA256

      d9ae6b8d1057175b7fec23351b5731f54286bda4c7990b4d05a4790a22054f1f

    • SHA512

      147020aa1336583b66d265de731643ba463323716936a836ae0c0b8322bf389b5effa56701e636d547def03f0e83ca00a6acf73cc3320b1eefce0d2756f785f4

    • SSDEEP

      1536:5NQxMwbdqmz+cwBOjjkbXJO6Yq9xMO23WxD:rQSiomz+cw8jjkbXAWuO23AD

    Score
    10/10
    xwormrattrojan

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

      trojanratxworm

    • Executes dropped EXE

    behavioral20

    • Target

      New folder/XClient - Copy (29).exe

    • Size

      63KB

    • MD5

      2ec6a81606494f96a98e62ea7bbf370a

    • SHA1

      c11efe9e36f56b9187547b83a82aec7d53ca8a0f

    • SHA256

      d9ae6b8d1057175b7fec23351b5731f54286bda4c7990b4d05a4790a22054f1f

    • SHA512

      147020aa1336583b66d265de731643ba463323716936a836ae0c0b8322bf389b5effa56701e636d547def03f0e83ca00a6acf73cc3320b1eefce0d2756f785f4

    • SSDEEP

      1536:5NQxMwbdqmz+cwBOjjkbXJO6Yq9xMO23WxD:rQSiomz+cw8jjkbXAWuO23AD

    Score
    10/10
    xwormrattrojan

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

      trojanratxworm

    • Executes dropped EXE

    behavioral21

    • Target

      New folder/XClient - Copy (3).exe

    • Size

      63KB

    • MD5

      2ec6a81606494f96a98e62ea7bbf370a

    • SHA1

      c11efe9e36f56b9187547b83a82aec7d53ca8a0f

    • SHA256

      d9ae6b8d1057175b7fec23351b5731f54286bda4c7990b4d05a4790a22054f1f

    • SHA512

      147020aa1336583b66d265de731643ba463323716936a836ae0c0b8322bf389b5effa56701e636d547def03f0e83ca00a6acf73cc3320b1eefce0d2756f785f4

    • SSDEEP

      1536:5NQxMwbdqmz+cwBOjjkbXJO6Yq9xMO23WxD:rQSiomz+cw8jjkbXAWuO23AD

    Score
    1/10
    behavioral22

    • Target

      New folder/XClient - Copy (30).exe

    • Size

      63KB

    • MD5

      2ec6a81606494f96a98e62ea7bbf370a

    • SHA1

      c11efe9e36f56b9187547b83a82aec7d53ca8a0f

    • SHA256

      d9ae6b8d1057175b7fec23351b5731f54286bda4c7990b4d05a4790a22054f1f

    • SHA512

      147020aa1336583b66d265de731643ba463323716936a836ae0c0b8322bf389b5effa56701e636d547def03f0e83ca00a6acf73cc3320b1eefce0d2756f785f4

    • SSDEEP

      1536:5NQxMwbdqmz+cwBOjjkbXJO6Yq9xMO23WxD:rQSiomz+cw8jjkbXAWuO23AD

    Score
    10/10
    xwormrattrojan

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

      trojanratxworm

    • Executes dropped EXE

    behavioral23

    • Target

      New folder/XClient - Copy (31).exe

    • Size

      63KB

    • MD5

      2ec6a81606494f96a98e62ea7bbf370a

    • SHA1

      c11efe9e36f56b9187547b83a82aec7d53ca8a0f

    • SHA256

      d9ae6b8d1057175b7fec23351b5731f54286bda4c7990b4d05a4790a22054f1f

    • SHA512

      147020aa1336583b66d265de731643ba463323716936a836ae0c0b8322bf389b5effa56701e636d547def03f0e83ca00a6acf73cc3320b1eefce0d2756f785f4

    • SSDEEP

      1536:5NQxMwbdqmz+cwBOjjkbXJO6Yq9xMO23WxD:rQSiomz+cw8jjkbXAWuO23AD

    Score
    10/10
    xwormrattrojan

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

      trojanratxworm

    • Executes dropped EXE

    behavioral24

    • Target

      New folder/XClient - Copy (4).exe

    • Size

      63KB

    • MD5

      2ec6a81606494f96a98e62ea7bbf370a

    • SHA1

      c11efe9e36f56b9187547b83a82aec7d53ca8a0f

    • SHA256

      d9ae6b8d1057175b7fec23351b5731f54286bda4c7990b4d05a4790a22054f1f

    • SHA512

      147020aa1336583b66d265de731643ba463323716936a836ae0c0b8322bf389b5effa56701e636d547def03f0e83ca00a6acf73cc3320b1eefce0d2756f785f4

    • SSDEEP

      1536:5NQxMwbdqmz+cwBOjjkbXJO6Yq9xMO23WxD:rQSiomz+cw8jjkbXAWuO23AD

    Score
    10/10
    xwormrattrojan

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

      trojanratxworm

    • Executes dropped EXE

    behavioral25

    • Target

      New folder/XClient - Copy (5).exe

    • Size

      63KB

    • MD5

      2ec6a81606494f96a98e62ea7bbf370a

    • SHA1

      c11efe9e36f56b9187547b83a82aec7d53ca8a0f

    • SHA256

      d9ae6b8d1057175b7fec23351b5731f54286bda4c7990b4d05a4790a22054f1f

    • SHA512

      147020aa1336583b66d265de731643ba463323716936a836ae0c0b8322bf389b5effa56701e636d547def03f0e83ca00a6acf73cc3320b1eefce0d2756f785f4

    • SSDEEP

      1536:5NQxMwbdqmz+cwBOjjkbXJO6Yq9xMO23WxD:rQSiomz+cw8jjkbXAWuO23AD

    Score
    10/10
    xwormrattrojan

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

      trojanratxworm

    • Executes dropped EXE

    behavioral26

    • Target

      New folder/XClient - Copy (6).exe

    • Size

      63KB

    • MD5

      2ec6a81606494f96a98e62ea7bbf370a

    • SHA1

      c11efe9e36f56b9187547b83a82aec7d53ca8a0f

    • SHA256

      d9ae6b8d1057175b7fec23351b5731f54286bda4c7990b4d05a4790a22054f1f

    • SHA512

      147020aa1336583b66d265de731643ba463323716936a836ae0c0b8322bf389b5effa56701e636d547def03f0e83ca00a6acf73cc3320b1eefce0d2756f785f4

    • SSDEEP

      1536:5NQxMwbdqmz+cwBOjjkbXJO6Yq9xMO23WxD:rQSiomz+cw8jjkbXAWuO23AD

    Score
    10/10
    xwormrattrojan

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

      trojanratxworm

    • Executes dropped EXE

    behavioral27

    • Target

      New folder/XClient - Copy (7).exe

    • Size

      63KB

    • MD5

      2ec6a81606494f96a98e62ea7bbf370a

    • SHA1

      c11efe9e36f56b9187547b83a82aec7d53ca8a0f

    • SHA256

      d9ae6b8d1057175b7fec23351b5731f54286bda4c7990b4d05a4790a22054f1f

    • SHA512

      147020aa1336583b66d265de731643ba463323716936a836ae0c0b8322bf389b5effa56701e636d547def03f0e83ca00a6acf73cc3320b1eefce0d2756f785f4

    • SSDEEP

      1536:5NQxMwbdqmz+cwBOjjkbXJO6Yq9xMO23WxD:rQSiomz+cw8jjkbXAWuO23AD

    Score
    10/10
    xwormrattrojan

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

      trojanratxworm

    • Executes dropped EXE

    behavioral28

    • Target

      New folder/XClient - Copy (8).exe

    • Size

      63KB

    • MD5

      2ec6a81606494f96a98e62ea7bbf370a

    • SHA1

      c11efe9e36f56b9187547b83a82aec7d53ca8a0f

    • SHA256

      d9ae6b8d1057175b7fec23351b5731f54286bda4c7990b4d05a4790a22054f1f

    • SHA512

      147020aa1336583b66d265de731643ba463323716936a836ae0c0b8322bf389b5effa56701e636d547def03f0e83ca00a6acf73cc3320b1eefce0d2756f785f4

    • SSDEEP

      1536:5NQxMwbdqmz+cwBOjjkbXJO6Yq9xMO23WxD:rQSiomz+cw8jjkbXAWuO23AD

    Score
    10/10
    xwormrattrojan

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

      trojanratxworm

    • Executes dropped EXE

    behavioral29

    • Target

      New folder/XClient - Copy (9).exe

    • Size

      63KB

    • MD5

      2ec6a81606494f96a98e62ea7bbf370a

    • SHA1

      c11efe9e36f56b9187547b83a82aec7d53ca8a0f

    • SHA256

      d9ae6b8d1057175b7fec23351b5731f54286bda4c7990b4d05a4790a22054f1f

    • SHA512

      147020aa1336583b66d265de731643ba463323716936a836ae0c0b8322bf389b5effa56701e636d547def03f0e83ca00a6acf73cc3320b1eefce0d2756f785f4

    • SSDEEP

      1536:5NQxMwbdqmz+cwBOjjkbXJO6Yq9xMO23WxD:rQSiomz+cw8jjkbXAWuO23AD

    Score
    10/10
    xwormrattrojan

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

      trojanratxworm

    • Executes dropped EXE

    behavioral30

    • Target

      New folder/XClient - Copy.exe

    • Size

      63KB

    • MD5

      2ec6a81606494f96a98e62ea7bbf370a

    • SHA1

      c11efe9e36f56b9187547b83a82aec7d53ca8a0f

    • SHA256

      d9ae6b8d1057175b7fec23351b5731f54286bda4c7990b4d05a4790a22054f1f

    • SHA512

      147020aa1336583b66d265de731643ba463323716936a836ae0c0b8322bf389b5effa56701e636d547def03f0e83ca00a6acf73cc3320b1eefce0d2756f785f4

    • SSDEEP

      1536:5NQxMwbdqmz+cwBOjjkbXJO6Yq9xMO23WxD:rQSiomz+cw8jjkbXAWuO23AD

    Score
    10/10
    xwormrattrojan

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

      trojanratxworm

    • Executes dropped EXE

    behavioral31

    • Target

      New folder/XClient.exe

    • Size

      63KB

    • MD5

      2ec6a81606494f96a98e62ea7bbf370a

    • SHA1

      c11efe9e36f56b9187547b83a82aec7d53ca8a0f

    • SHA256

      d9ae6b8d1057175b7fec23351b5731f54286bda4c7990b4d05a4790a22054f1f

    • SHA512

      147020aa1336583b66d265de731643ba463323716936a836ae0c0b8322bf389b5effa56701e636d547def03f0e83ca00a6acf73cc3320b1eefce0d2756f785f4

    • SSDEEP

      1536:5NQxMwbdqmz+cwBOjjkbXJO6Yq9xMO23WxD:rQSiomz+cw8jjkbXAWuO23AD

    Score
    10/10
    xwormrattrojan

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

      trojanratxworm

    • Executes dropped EXE

    behavioral32

MITRE ATT&CK Enterprise v15

Tasks

static1

xworm
Score
10/10

behavioral1

xwormrattrojan
Score
10/10

behavioral2

xwormrattrojan
Score
10/10

behavioral3

xwormrattrojan
Score
10/10

behavioral4

xwormrattrojan
Score
10/10

behavioral5

xwormrattrojan
Score
10/10

behavioral6

xwormrattrojan
Score
10/10

behavioral7

xwormrattrojan
Score
10/10

behavioral8

xwormrattrojan
Score
10/10

behavioral9

xwormrattrojan
Score
10/10

behavioral10

xwormrattrojan
Score
10/10

behavioral11

xwormrattrojan
Score
10/10

behavioral12

xwormrattrojan
Score
10/10

behavioral13

xwormrattrojan
Score
10/10

behavioral14

xwormrattrojan
Score
10/10

behavioral15

xwormrattrojan
Score
10/10

behavioral16

xwormrattrojan
Score
10/10

behavioral17

xwormrattrojan
Score
10/10

behavioral18

xwormrattrojan
Score
10/10

behavioral19

xwormrattrojan
Score
10/10

behavioral20

xwormrattrojan
Score
10/10

behavioral21

xwormrattrojan
Score
10/10

behavioral22

Score
1/10

behavioral23

xwormrattrojan
Score
10/10

behavioral24

xwormrattrojan
Score
10/10

behavioral25

xwormrattrojan
Score
10/10

behavioral26

xwormrattrojan
Score
10/10

behavioral27

xwormrattrojan
Score
10/10

behavioral28

xwormrattrojan
Score
10/10

behavioral29

xwormrattrojan
Score
10/10

behavioral30

xwormrattrojan
Score
10/10

behavioral31

xwormrattrojan
Score
10/10

behavioral32

xwormrattrojan
Score
10/10