xworm | 58e5f9caa04676b6269b870cc4aa3997287fd3a038d1df59e5bd2c41b75bbd62 | Triage

Sharing

General

Target

17304785458593769886a354fbce7baa74763cdd4a7b5002da27c7b9fc27af676129226c18112.dat-decoded.exe
Size

151KB
Sample

241101-t7d5aasfrb
MD5

fb84f0c948174966776db1e4592fdc75
SHA1

178b6ce2ddd9de88d5e6b39c212254b50d45cfd7
SHA256

58e5f9caa04676b6269b870cc4aa3997287fd3a038d1df59e5bd2c41b75bbd62
SHA512

22874247132885d150e12d2e649690c296ef40eaa85f69ca90a9207ce1ce56c1ffef488875936166f18e9f5ffb06aeb4a4fe6edf01b0dcd9d6a64b43a6c36114
SSDEEP

3072:wxqxFiFO9W2OMJ4NpVq8BxFRzaqF+o2GQJ7/JzqVfGvO:wxqiO9BgVqwlL

Score

10^/10

xworm rat trojan

Malware Config

Extracted

Family

xworm

Version

5.0

C2

browser-hazard.gl.at.ply.gg:2620

Mutex

5fGznRuUj1JrT03R

Attributes

Install_directory
%AppData%
install_file
x-manager.exe

aes.plain

Targets

- Target
  
  17304785458593769886a354fbce7baa74763cdd4a7b5002da27c7b9fc27af676129226c18112.dat-decoded.exe
- Size
  
  151KB
- MD5
  
  fb84f0c948174966776db1e4592fdc75
- SHA1
  
  178b6ce2ddd9de88d5e6b39c212254b50d45cfd7
- SHA256
  
  58e5f9caa04676b6269b870cc4aa3997287fd3a038d1df59e5bd2c41b75bbd62
- SHA512
  
  22874247132885d150e12d2e649690c296ef40eaa85f69ca90a9207ce1ce56c1ffef488875936166f18e9f5ffb06aeb4a4fe6edf01b0dcd9d6a64b43a6c36114
- SSDEEP
  
  3072:wxqxFiFO9W2OMJ4NpVq8BxFRzaqF+o2GQJ7/JzqVfGvO:wxqiO9BgVqwlL
Score

10^/10

xworm rat trojan
- Detect Xworm Payload
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- Xworm family
  xworm
- Drops startup file
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2