xworm | 52a78910bbaba7cc00b82dfa3170f32e1242c2cf2c0cb6d948e2108928189dfd | Triage

Sharing

General

Target

Loader (3).rar
Size

151KB
Sample

241101-v6xexa1qf1
MD5

0d498834c8edebf38bbffd4bdb1c514e
SHA1

0a4842ba4837b40b015dc7e2e608816c6506924e
SHA256

52a78910bbaba7cc00b82dfa3170f32e1242c2cf2c0cb6d948e2108928189dfd
SHA512

dae604ea496a80317985d81be8ba0387658334b3f8ca4c29b918b702de2285237965e1337a23300893c5f87dfdfcacc8ea6340a90bb1b3a5c6e5ffce92685398
SSDEEP

3072:cj3j+kA07/nhdOdXWBWOk8FXYsq6pkEXfcZd1LpMAHOre+:qT+3KhYPOPKRlEkZj9OrH

Score

10^/10

xworm rat trojan

Malware Config

Extracted

Family

xworm

C2

127.0.0.1:44543

23.ip.gl.ply.gg:44543

Attributes

Install_directory
%AppData%
install_file
XClient.exe

Targets

- Target
  
  Loader (3).rar
- Size
  
  151KB
- MD5
  
  0d498834c8edebf38bbffd4bdb1c514e
- SHA1
  
  0a4842ba4837b40b015dc7e2e608816c6506924e
- SHA256
  
  52a78910bbaba7cc00b82dfa3170f32e1242c2cf2c0cb6d948e2108928189dfd
- SHA512
  
  dae604ea496a80317985d81be8ba0387658334b3f8ca4c29b918b702de2285237965e1337a23300893c5f87dfdfcacc8ea6340a90bb1b3a5c6e5ffce92685398
- SSDEEP
  
  3072:cj3j+kA07/nhdOdXWBWOk8FXYsq6pkEXfcZd1LpMAHOre+:qT+3KhYPOPKRlEkZj9OrH
Score

1^/10
behavioral1 behavioral2
- Target
  
  Loader.exe
- Size
  
  244KB
- MD5
  
  7472fed934ca53808f097c7863418cec
- SHA1
  
  7724f6925dd37a5d990af24049bb02c6e31551ae
- SHA256
  
  b5d27bcc0a6e4d114b04614e00953400e2bb3e887b5ab52fec63c75acb84bb73
- SHA512
  
  12983d7a7ad2538f409bcb26d87f98b0bc01e4a22e1ae193a04e426d22d766d41e308fb240e50e69199300eb46837ab36207e6d9281205aa37f902cfb21a0892
- SSDEEP
  
  6144:GMgRbMslLOyUhcX7elbKTua9bfF/H9d9n:GMgOs5Oy3X3u+
Score

10^/10

xworm rat trojan
- Detect Xworm Payload
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- Xworm family
  xworm
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral3 behavioral4

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4