xworm | d08928d078d1b2ded79a527727839a0b302088e9934327a93d977e8a830af436 | Triage

Sharing

General

Target

45.png.ps1
Size

181KB
Sample

241031-rs9arszgpj
MD5

cfa1a53f2c8fc430241785a8528876e8
SHA1

c4a3bba161e9feca68717b7e0d4c6728b95970b1
SHA256

d08928d078d1b2ded79a527727839a0b302088e9934327a93d977e8a830af436
SHA512

2b6748b66bc1be3376c8c788d3107d86993fd5fff2bc67776ab7e3a0e9d11deb4d59c7ce5d5bbc1815470b945a5c25773d780290009702cb4db978a4200739d8
SSDEEP

3072:G7ZBqVuu4Z/njbXCmqx65NqoYM8DPRB3seN4jo+m7EcSxLEWRbI/LHfykXhHIe2i:G7DqVuu4Z/njbXCmqx65NqoYM8DPRB3t

Score

10^/10

xworm discovery execution rat trojan

Malware Config

Extracted

Family

xworm

C2

85.209.11.15:4404

Attributes

install_file
USB.exe

Targets

- Target
  
  45.png.ps1
- Size
  
  181KB
- MD5
  
  cfa1a53f2c8fc430241785a8528876e8
- SHA1
  
  c4a3bba161e9feca68717b7e0d4c6728b95970b1
- SHA256
  
  d08928d078d1b2ded79a527727839a0b302088e9934327a93d977e8a830af436
- SHA512
  
  2b6748b66bc1be3376c8c788d3107d86993fd5fff2bc67776ab7e3a0e9d11deb4d59c7ce5d5bbc1815470b945a5c25773d780290009702cb4db978a4200739d8
- SSDEEP
  
  3072:G7ZBqVuu4Z/njbXCmqx65NqoYM8DPRB3seN4jo+m7EcSxLEWRbI/LHfykXhHIe2i:G7DqVuu4Z/njbXCmqx65NqoYM8DPRB3t
Score

10^/10

execution xworm discovery rat trojan
- Detect Xworm Payload
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- Xworm family
  xworm
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

xwormdiscoveryexecutionrattrojan