xworm | c48678aefb3548079d667a24a7d34bd8461909ff045a99d31c1395f05dfd3a68 | Triage

Sharing

General

Target

c48678aefb3548079d667a24a7d34bd8461909ff045a99d31c1395f05dfd3a68N
Size

633KB
Sample

241104-eqrayswlfk
MD5

d0b251f06b3e36253868c23316dfd780
SHA1

8b61a2664a56d01bd39909a891084929f18e8839
SHA256

c48678aefb3548079d667a24a7d34bd8461909ff045a99d31c1395f05dfd3a68
SHA512

39b4234341f25ea28f02274ba2b65b8c9a9308991c332c89ef162b155c0e52d28d07a37cec4d07f1be47e7ee71e559509e4762bb8680b7bd0a31012a5b660d64
SSDEEP

12288:2KK7FwVBWNCFNJmo0PUkz/MYfVyIXLAML3Aju7GGijX8:eeVBBcpHV5AMLwq7hijX8

Score

10^/10

xworm discovery rat trojan

Malware Config

Extracted

Family

xworm

C2

159.223.206.14:7000

Attributes

install_file
USB.exe

Targets

- Target
  
  c48678aefb3548079d667a24a7d34bd8461909ff045a99d31c1395f05dfd3a68N
- Size
  
  633KB
- MD5
  
  d0b251f06b3e36253868c23316dfd780
- SHA1
  
  8b61a2664a56d01bd39909a891084929f18e8839
- SHA256
  
  c48678aefb3548079d667a24a7d34bd8461909ff045a99d31c1395f05dfd3a68
- SHA512
  
  39b4234341f25ea28f02274ba2b65b8c9a9308991c332c89ef162b155c0e52d28d07a37cec4d07f1be47e7ee71e559509e4762bb8680b7bd0a31012a5b660d64
- SSDEEP
  
  12288:2KK7FwVBWNCFNJmo0PUkz/MYfVyIXLAML3Aju7GGijX8:eeVBBcpHV5AMLwq7hijX8
Score

10^/10

xworm discovery rat trojan
- Detect Xworm Payload
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- Xworm family
  xworm
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xwormdiscoveryrattrojan

behavioral2

xwormdiscoveryrattrojan