xworm | 7a4578bbac664c98b865d9baebdf5c8b19751ecd3c4474bdf448eb6a543a107e | Triage

Sharing

General

Target

Scan0030930930-pdf.js
Size

109KB
Sample

240820-nl6phsygjb
MD5

a58fbddf2999d24a5f51c72ab80bc5ca
SHA1

e3a0fdc283d36805e06efc1f923ef9b896929734
SHA256

7a4578bbac664c98b865d9baebdf5c8b19751ecd3c4474bdf448eb6a543a107e
SHA512

8b4cb371ca58dff9ded77b76340fda79dc8912783fba766e408c03e1abbe00def35072ac36dc6b5706d24362521a6eeff8f5831d270575fe8a17e123598d0ef2
SSDEEP

1536:cuYLOSTWJve/YTDmwYZ+xeH5NVNsvxIkw6RSOdSxzYFxWZx74VmN8TDNNw:mH6Jve/kJxeHtNsepOdSx0esVRvNy

Score

10^/10

xworm execution rat trojan

Malware Config

Extracted

Family

xworm

C2

wiz.bounceme.net:6000

Mutex

TsV4Qhz4pSYYlqfv

Attributes

install_file
USB.exe

aes.plain

Targets

- Target
  
  Scan0030930930-pdf.js
- Size
  
  109KB
- MD5
  
  a58fbddf2999d24a5f51c72ab80bc5ca
- SHA1
  
  e3a0fdc283d36805e06efc1f923ef9b896929734
- SHA256
  
  7a4578bbac664c98b865d9baebdf5c8b19751ecd3c4474bdf448eb6a543a107e
- SHA512
  
  8b4cb371ca58dff9ded77b76340fda79dc8912783fba766e408c03e1abbe00def35072ac36dc6b5706d24362521a6eeff8f5831d270575fe8a17e123598d0ef2
- SSDEEP
  
  1536:cuYLOSTWJve/YTDmwYZ+xeH5NVNsvxIkw6RSOdSxzYFxWZx74VmN8TDNNw:mH6Jve/kJxeHtNsepOdSx0esVRvNy
Score

10^/10

execution xworm rat trojan
- Detect Xworm Payload
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

JavaScript

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

xwormexecutionrattrojan