xworm | fd7d4ec1d86c01b1f234b333941e7615fae1dd342fb2ec80a4e78a5cc5fb5a42 | Triage

Sharing

General

Target

Your_New_Social_Security_Statement.wsf
Size

5KB
Sample

240807-qr7j4sseqa
MD5

3b566e8ed4838f476d7dda08a9acc1b1
SHA1

a426b95ac0992dda56fa15c52a2765101df19aee
SHA256

fd7d4ec1d86c01b1f234b333941e7615fae1dd342fb2ec80a4e78a5cc5fb5a42
SHA512

96a460d11d28f1f3ad545b646e1b015264cd4a86aa017a6c015a52a09d5638c09439668fb397427cd24d67de062c712010f24fc82bf9b18555c9d19f2b3e5f68
SSDEEP

96:TkWXrHfYiu03P/hyUMl2N6SmxV3xzjpeX0T2MNdP+lHjfmMmpR0RQVWN:o0rTuI3HM06SifzjpeEjdwQoN

Score

10^/10

xworm discovery execution rat trojan

Malware Config

Extracted

Credentials

Protocol: ftp
Host:
142.44.252.6
Port:
21
Username:
dp
Password:
pp...123456

Extracted

Family

xworm

Version

5.0

C2

OMRAN2024.WORK.GD:7001

Mutex

l4UtihZj05q6W7mB

Attributes

install_file
USB.exe

aes.plain

Targets

- Target
  
  Your_New_Social_Security_Statement.wsf
- Size
  
  5KB
- MD5
  
  3b566e8ed4838f476d7dda08a9acc1b1
- SHA1
  
  a426b95ac0992dda56fa15c52a2765101df19aee
- SHA256
  
  fd7d4ec1d86c01b1f234b333941e7615fae1dd342fb2ec80a4e78a5cc5fb5a42
- SHA512
  
  96a460d11d28f1f3ad545b646e1b015264cd4a86aa017a6c015a52a09d5638c09439668fb397427cd24d67de062c712010f24fc82bf9b18555c9d19f2b3e5f68
- SSDEEP
  
  96:TkWXrHfYiu03P/hyUMl2N6SmxV3xzjpeX0T2MNdP+lHjfmMmpR0RQVWN:o0rTuI3HM06SifzjpeEjdwQoN
Score

10^/10

xworm discovery execution rat trojan
- Detect Xworm Payload
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

xwormdiscoveryexecutionrattrojan