xworm | a02eef7ae229cfab507ec2a39994995ea8d905b6ded899b86aa2b64f50046b79 | Triage

Submit
Reports

Overview

overview

Static

static

3

AstroBootS...pd.exe

windows10-2004-x64

Sharing

General

Target

AstroBootStrapper_upd.exe
Size

35.3MB
Sample

240727-bxnxma1drf
MD5

6366596bda3516a281a91c2c10217f5f
SHA1

2029a7837a7aecc36e453ac7accaaf60be851a0e
SHA256

a02eef7ae229cfab507ec2a39994995ea8d905b6ded899b86aa2b64f50046b79
SHA512

e98f7e718fd97e1affa6cd591bb272bad0fea77d08a014d4075cfa0e82c0b270dea242e47541e37864518fa0dc356c16eb95b39c72a7c49513028db822e8cb8f
SSDEEP

786432:NUufa9gYBzTKPkwETf5bPBnB7294tGiNFeGl9jPlyTiS2j+S0mLzSqvZD:bfayKUuTfFPK94GiuGrjPloijT0O2qvp

Score

10^/10

xworm pyinstaller rat trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

AstroBootStrapper_upd.exe

Resource

win10v2004-20240709-en

xworm pyinstaller rat trojan

windows10-2004-x64

13 signatures

600 seconds

Malware Config

Extracted

Family

xworm

Version

5.0

C2

147.185.221.21:37029

Mutex

ImJIbbArI7SKOVwD

Attributes

Install_directory
%AppData%
install_file
ctfmon.exe

aes.plain

Targets

- Target
  
  AstroBootStrapper_upd.exe
- Size
  
  35.3MB
- MD5
  
  6366596bda3516a281a91c2c10217f5f
- SHA1
  
  2029a7837a7aecc36e453ac7accaaf60be851a0e
- SHA256
  
  a02eef7ae229cfab507ec2a39994995ea8d905b6ded899b86aa2b64f50046b79
- SHA512
  
  e98f7e718fd97e1affa6cd591bb272bad0fea77d08a014d4075cfa0e82c0b270dea242e47541e37864518fa0dc356c16eb95b39c72a7c49513028db822e8cb8f
- SSDEEP
  
  786432:NUufa9gYBzTKPkwETf5bPBnB7294tGiNFeGl9jPlyTiS2j+S0mLzSqvZD:bfayKUuTfFPK94GiuGrjPloijT0O2qvp
Score

10^/10

xworm pyinstaller rat trojan
- Detect Xworm Payload
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

xwormpyinstallerrattrojan

© 2018-2024

Terms | Privacy