xworm | 6a2e733771d7f141eed2a6f50a0578d443339197a1d8037703b83fa0878ba79c | Triage

Sharing

General

Target

6a2e733771d7f141eed2a6f50a0578d443339197a1d8037703b83fa0878ba79c
Size

36KB
Sample

241107-r593tstlft
MD5

bc3da510a60f0f44acb92231647e2878
SHA1

91e54702cc242937cb8b854ef894dc3268eeff51
SHA256

6a2e733771d7f141eed2a6f50a0578d443339197a1d8037703b83fa0878ba79c
SHA512

7736d1e360102a5f858da0214073c12c978977f2c075c94b86999fa2a561e4e7b6fe0634e40134700d437fd668cb8ae66e9ec1bc37d1f733de68bfa0d4cec9b2
SSDEEP

384:EHqouAgAkffHnjuNWoAgLWanS3FLZcWzWCu280wpkFMAfNLT2OZwxcV2v99IkHEO:uzuAinEWaRC4QFm9YkOMh4kG0

Score

10^/10

xworm rat trojan

Malware Config

Extracted

Family

xworm

Version

5.0

Mutex

UxOlPOZZNwNV9srk

Attributes

install_file
USB.exe
pastebin_url
https://pastebin.com/raw/Dh8E7H3R

aes.plain

Targets

- Target
  
  6a2e733771d7f141eed2a6f50a0578d443339197a1d8037703b83fa0878ba79c
- Size
  
  36KB
- MD5
  
  bc3da510a60f0f44acb92231647e2878
- SHA1
  
  91e54702cc242937cb8b854ef894dc3268eeff51
- SHA256
  
  6a2e733771d7f141eed2a6f50a0578d443339197a1d8037703b83fa0878ba79c
- SHA512
  
  7736d1e360102a5f858da0214073c12c978977f2c075c94b86999fa2a561e4e7b6fe0634e40134700d437fd668cb8ae66e9ec1bc37d1f733de68bfa0d4cec9b2
- SSDEEP
  
  384:EHqouAgAkffHnjuNWoAgLWanS3FLZcWzWCu280wpkFMAfNLT2OZwxcV2v99IkHEO:uzuAinEWaRC4QFm9YkOMh4kG0
Score

10^/10

xworm rat trojan
- Detect Xworm Payload
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- Xworm family
  xworm
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2