xworm | 0a9c2a6b3f96a8679ef15f3e4f2b8df2b244e01c07b93c40a530b002e8ec12c4 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0a9c2a6b3f96a8679ef15f3e4f2b8df2b244e01c07b93c40a530b002e8ec12c4
Size

185KB
Sample

240808-2flztavemf
MD5

3cbb8c5b44708455c2557d83a3b84e49
SHA1

e9decb691788c81348c677d2965102b8ee3eaa41
SHA256

0a9c2a6b3f96a8679ef15f3e4f2b8df2b244e01c07b93c40a530b002e8ec12c4
SHA512

58c4ae77718a09437e4f8778f130eac3edd35ef74758d7a1428cb646db6a1b0b31b4894fdc60ce8ef9e1b3a9303ea5c35217b10d3dc8eada893119a4643affa8
SSDEEP

3072:OvGyYiSDnt125GWp1icKAArDZz4N9GhbkrNEk1BhFwTEwPI4:i4Ap0yN90QEyFw3

Score

10^/10

xworm execution persistence rat trojan

Malware Config

Extracted

Family

xworm

Version

5.0

C2

94.156.65.22:6969

Mutex

6cUhJv5oytobQBBE

Attributes

install_file
USB.exe

aes.plain

Targets

- Target
  
  0a9c2a6b3f96a8679ef15f3e4f2b8df2b244e01c07b93c40a530b002e8ec12c4
- Size
  
  185KB
- MD5
  
  3cbb8c5b44708455c2557d83a3b84e49
- SHA1
  
  e9decb691788c81348c677d2965102b8ee3eaa41
- SHA256
  
  0a9c2a6b3f96a8679ef15f3e4f2b8df2b244e01c07b93c40a530b002e8ec12c4
- SHA512
  
  58c4ae77718a09437e4f8778f130eac3edd35ef74758d7a1428cb646db6a1b0b31b4894fdc60ce8ef9e1b3a9303ea5c35217b10d3dc8eada893119a4643affa8
- SSDEEP
  
  3072:OvGyYiSDnt125GWp1icKAArDZz4N9GhbkrNEk1BhFwTEwPI4:i4Ap0yN90QEyFw3
Score

10^/10

execution persistence xworm rat trojan
- Detect Xworm Payload
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

executionpersistence

behavioral2

xwormexecutionpersistencerattrojan