xworm

General

Target

BITXGOD_Crack_Rank1_Fix1.exe
Size

7.9MB
Sample

241102-mem36azrfx
MD5

f6e77b8c7939a65dd8ff319c67298aac
SHA1

467aa64fc82ec6628461c7f2d763a862de336346
SHA256

e03e0c1d95dbafd94c174b191e42d946b8325b5a3bacf840ffbe95ae6608bf03
SHA512

0e81858a6215736960b61022017bf65829652fe3875c88a1762136f14789f4c9fbe07e075fb75238c29c23d0982bd28e20f7dd056b6b8068b307966211527d1f
SSDEEP

196608:sXiMd8bcxr/tkK9WshVu2xZ3FyrkZYqiET8X:sZd8Or/mKp7u2LcwZYqiN

Score

10^/10

Malware Config

Extracted

Family

xworm

C2

85.203.4.149:7000

Attributes

Install_directory
%ProgramData%
install_file
XClient.exe

Targets

- Target
  
  BITXGOD_Crack_Rank1_Fix1.exe
- Size
  
  7.9MB
- MD5
  
  f6e77b8c7939a65dd8ff319c67298aac
- SHA1
  
  467aa64fc82ec6628461c7f2d763a862de336346
- SHA256
  
  e03e0c1d95dbafd94c174b191e42d946b8325b5a3bacf840ffbe95ae6608bf03
- SHA512
  
  0e81858a6215736960b61022017bf65829652fe3875c88a1762136f14789f4c9fbe07e075fb75238c29c23d0982bd28e20f7dd056b6b8068b307966211527d1f
- SSDEEP
  
  196608:sXiMd8bcxr/tkK9WshVu2xZ3FyrkZYqiET8X:sZd8Or/mKp7u2LcwZYqiN
Score

10^/10

xworm rat trojan vmprotect
- Detect Xworm Payload
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- Xworm family
  xworm
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Detect Xworm Payload

Xworm family

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

VMProtect packed file

Looks up external IP address via web service

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2