xworm | d5f529ba6cd4200635d45bda071312b2ebf622f96f53f1a767128babd812ceaa

Analysis

max time kernel
93s
max time network
94s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
02-10-2024 02:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d5f529ba6cd4200635d45bda071312b2ebf622f96f53f1a767128babd812ceaa.exe
Size

93KB
MD5

d4450cf5c5f5c528c1b79303d19b5cbc
SHA1

d1fdf4af159622558500385645d9034e016b76cb
SHA256

d5f529ba6cd4200635d45bda071312b2ebf622f96f53f1a767128babd812ceaa
SHA512

10e3983159c8d5f756a9773a89456a34999ba7bf6a2e000ffe06943c58244a1bbea2f2cf9bfb4868260a14df068b88b652221275d666ab51ddacee488fcd3679
SSDEEP

1536:tDEvk14CBaqkFO0yMl01U7bl9jZ1O9x6oLmfF3Owfet:tGOWKwl9jZ1OWwi3i

Score

10^/10

xworm rat trojan

Malware Config

Extracted

Family

xworm

Version

2.2

make-catherine.at.ply.gg:58313

Mutex

tWMW5sMX3FaRHiBk

Attributes

install_file
WindowsServices.exe

aes.plain

Signatures

Detect Xworm Payload 1 IoCs

resource	yara_rule
behavioral2/memory/2208-1-0x00000000008E0000-0x00000000008FE000-memory.dmp	family_xworm

Xworm
Xworm is a remote access trojan written in C#.
trojan rat xworm

Looks up external IP address via web service 1 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
7	ip-api.com

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2208	d5f529ba6cd4200635d45bda071312b2ebf622f96f53f1a767128babd812ceaa.exe

C:\Users\Admin\AppData\Local\Temp\d5f529ba6cd4200635d45bda071312b2ebf622f96f53f1a767128babd812ceaa.exe
"C:\Users\Admin\AppData\Local\Temp\d5f529ba6cd4200635d45bda071312b2ebf622f96f53f1a767128babd812ceaa.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2208

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2208-0-0x00007FFBC4BD3000-0x00007FFBC4BD5000-memory.dmp

Filesize
8KB

Download
memory/2208-1-0x00000000008E0000-0x00000000008FE000-memory.dmp

Filesize
120KB

Download
memory/2208-2-0x00007FFBC4BD0000-0x00007FFBC5691000-memory.dmp

Filesize
10.8MB

Download
memory/2208-3-0x00007FFBC4BD0000-0x00007FFBC5691000-memory.dmp

Filesize
10.8MB

Download