xworm | 8344b15b9177b70916a48f8b8852747d6b7cb179e6d3edf5eac1692751b132fe | Triage

Sharing

General

Target

8344b15b9177b70916a48f8b8852747d6b7cb179e6d3edf5eac1692751b132fe
Size

187KB
Sample

241106-kcmcqswhra
MD5

087c075bc4fe5fe242b5c66c29869864
SHA1

c45efc31b2277d02383946a90394ca4db1f703af
SHA256

8344b15b9177b70916a48f8b8852747d6b7cb179e6d3edf5eac1692751b132fe
SHA512

ad424e56406d98047db617b7ef6df2da9cef765cb5bf4eb7e592045386c49a982d951778c04e33e9d978cf3740a4829bc1c695ca73c3abd64f3bc3e0f27b4119
SSDEEP

3072:TqWg0oaxBGieuvQTtv6c/mTRPyZqqiIdhI+czv/gJQE7zK+l+2aVbUucM5W65S:TgP8GiHvQTV+d/qi25eKfU2cbNcM5U

Score

10^/10

xworm discovery rat trojan

Malware Config

Extracted

Family

xworm

Version

5.0

C2

45.149.241.37:7000

Mutex

4zFlCBA2xyUliXRM

Attributes

install_file
USB.exe

aes.plain

Targets

- Target
  
  8344b15b9177b70916a48f8b8852747d6b7cb179e6d3edf5eac1692751b132fe
- Size
  
  187KB
- MD5
  
  087c075bc4fe5fe242b5c66c29869864
- SHA1
  
  c45efc31b2277d02383946a90394ca4db1f703af
- SHA256
  
  8344b15b9177b70916a48f8b8852747d6b7cb179e6d3edf5eac1692751b132fe
- SHA512
  
  ad424e56406d98047db617b7ef6df2da9cef765cb5bf4eb7e592045386c49a982d951778c04e33e9d978cf3740a4829bc1c695ca73c3abd64f3bc3e0f27b4119
- SSDEEP
  
  3072:TqWg0oaxBGieuvQTtv6c/mTRPyZqqiIdhI+czv/gJQE7zK+l+2aVbUucM5W65S:TgP8GiHvQTV+d/qi25eKfU2cbNcM5U
Score

10^/10

xworm discovery rat trojan
- Detect Xworm Payload
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- Xworm family
  xworm
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

xwormdiscoveryrattrojan