xworm | d608c65caef9766a1253aec412c65e4155c9cee370b5a90ca83300b97dc05e29 | Triage

Sharing

General

Target

Tatashop.exe
Size

32KB
Sample

241102-erdq9axlfz
MD5

b1f0cf268c89c3b4451fa8fb0de4425e
SHA1

bb82f62faabd3bc890d6e153834d4a5e1a43598c
SHA256

d608c65caef9766a1253aec412c65e4155c9cee370b5a90ca83300b97dc05e29
SHA512

a98c106ce6fe8baabca305bf2a69545eccd49f9719531b59251472ece28816c50a500ba0a2e46cd7aa1a8b8010be7fc805d68d02a4753e586820842472274f96
SSDEEP

768:mVa+vNtg+PB93Tw4eJdVFE9jnocOjh6bzd:IvNtgw93U4e9FE9jnZOjYN

Score

10^/10

xworm discovery rat trojan

Malware Config

Extracted

Family

xworm

Version

5.0

C2

127.0.0.1:1234

Mutex

LnpsNdDKOK2XQbyg

Attributes

install_file
USB.exe

aes.plain

Targets

- Target
  
  Tatashop.exe
- Size
  
  32KB
- MD5
  
  b1f0cf268c89c3b4451fa8fb0de4425e
- SHA1
  
  bb82f62faabd3bc890d6e153834d4a5e1a43598c
- SHA256
  
  d608c65caef9766a1253aec412c65e4155c9cee370b5a90ca83300b97dc05e29
- SHA512
  
  a98c106ce6fe8baabca305bf2a69545eccd49f9719531b59251472ece28816c50a500ba0a2e46cd7aa1a8b8010be7fc805d68d02a4753e586820842472274f96
- SSDEEP
  
  768:mVa+vNtg+PB93Tw4eJdVFE9jnocOjh6bzd:IvNtgw93U4e9FE9jnZOjYN
Score

10^/10

xworm discovery rat trojan
- Detect Xworm Payload
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- Xworm family
  xworm
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xwormdiscoveryrattrojan

behavioral2