xworm | 137372fa011a0dd39cc61ef4924fbaf23ac1d2f256a1a121c6de8bc3e08cddbb | Triage

Submit
Reports

Overview

overview

Static

static

7

FearstCheat.exe

windows10-1703-x64

Resubmissions

14-09-2024 12:51

240914-p3vt1svark 10

14-09-2024 12:51

240914-p3gbmaveja 10

Sharing

General

Target

FearstCheat.exe
Size

1.7MB
Sample

240914-p3gbmaveja
MD5

0588341217749d543c1d9808ae996a93
SHA1

b0597e54d0c9a9c031d2c4f04e154e4e329f829e
SHA256

137372fa011a0dd39cc61ef4924fbaf23ac1d2f256a1a121c6de8bc3e08cddbb
SHA512

acc4f8dd88f1cbe79c0e374eb60674c5ccc324d97bda85b392a26177566a6c24390c5511535da66a6871e1c0c2a4d2bec180c08785b6d22e5d2cf39426a36248
SSDEEP

49152:Jdn9ScjutnACJUB7ngHHZSlwM0iKcK7UBbquuRJ:Jd9S5ZRt7U

Score

10^/10

xworm discovery execution rat trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

FearstCheat.exe

Resource

win10-20240404-en

xworm discovery execution rat trojan

windows10-1703-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

xworm

C2

192.168.223.129:4935

Attributes

Install_directory
%AppData%
install_file
$77.exe

Targets

- Target
  
  FearstCheat.exe
- Size
  
  1.7MB
- MD5
  
  0588341217749d543c1d9808ae996a93
- SHA1
  
  b0597e54d0c9a9c031d2c4f04e154e4e329f829e
- SHA256
  
  137372fa011a0dd39cc61ef4924fbaf23ac1d2f256a1a121c6de8bc3e08cddbb
- SHA512
  
  acc4f8dd88f1cbe79c0e374eb60674c5ccc324d97bda85b392a26177566a6c24390c5511535da66a6871e1c0c2a4d2bec180c08785b6d22e5d2cf39426a36248
- SSDEEP
  
  49152:Jdn9ScjutnACJUB7ngHHZSlwM0iKcK7UBbquuRJ:Jd9S5ZRt7U
Score

10^/10

xworm discovery execution rat trojan
- Detect Xworm Payload
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- .NET Reactor proctector
  Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.
- Drops startup file
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xwormdiscoveryexecutionrattrojan

© 2018-2025

Terms | Privacy