xworm | 4658ee1b781d252438486c6a13dac28ea49ba55da5a45a1c445026a587731ba3 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

klnmasdfljnmfasd.exe
Size

77KB
Sample

241014-hgr3ns1eqb
MD5

f2634f7f149e7d2ecf07ecd7facccb95
SHA1

53762b7e27a16be28cd27a550cfd9fd15cbfb5d1
SHA256

4658ee1b781d252438486c6a13dac28ea49ba55da5a45a1c445026a587731ba3
SHA512

d30e91bea7a636dd8a9f8876a9fa601ad57a84559eecf118f377fc79f0fae6ec626bf19f1e4722fdbd0e096a60d4e305c621d050f7f5f60f1b7f23be0af0c4e3
SSDEEP

1536:AbH0KlV+y62UmgB2ri0WfQ48kbR9nK9PytWWyOwvN3g:ANhU0pW4hkbHnsPyt3yOwvN3g

Score

10^/10

xworm persistence rat trojan

Malware Config

Extracted

Family

xworm

C2

Phnxss-27839.portmap.host:27839

Attributes

Install_directory
%Userprofile%
install_file
Windows Security Notification.exe
telegram
https://api.telegram.org/bot7358011073:AAGdUduenjLHLDVW3OYWkXisH68mtspgA2Y/sendMessage?chat_id=6860608587

Targets

- Target
  
  klnmasdfljnmfasd.exe
- Size
  
  77KB
- MD5
  
  f2634f7f149e7d2ecf07ecd7facccb95
- SHA1
  
  53762b7e27a16be28cd27a550cfd9fd15cbfb5d1
- SHA256
  
  4658ee1b781d252438486c6a13dac28ea49ba55da5a45a1c445026a587731ba3
- SHA512
  
  d30e91bea7a636dd8a9f8876a9fa601ad57a84559eecf118f377fc79f0fae6ec626bf19f1e4722fdbd0e096a60d4e305c621d050f7f5f60f1b7f23be0af0c4e3
- SSDEEP
  
  1536:AbH0KlV+y62UmgB2ri0WfQ48kbR9nK9PytWWyOwvN3g:ANhU0pW4hkbHnsPyt3yOwvN3g
Score

10^/10

xworm persistence rat trojan
- Detect Xworm Payload
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- Drops startup file
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xwormpersistencerattrojan

behavioral2

xwormpersistencerattrojan