xworm

General

Target

eacc39dac1d60cdb6d602775a25cd954bf52c3379d1c2b588a2692705db84004N
Size

369KB
Sample

241107-syh67stra1
MD5

cddbe369e9f8f31485f9cf74aa0171a0
SHA1

82c0b7ac4d86f0c2f484e05d40c62c00aba6fa20
SHA256

eacc39dac1d60cdb6d602775a25cd954bf52c3379d1c2b588a2692705db84004
SHA512

35272cdba5aea95fe4cf95a8aea367b1389c7d44cd0131cdad62b10133076b25b6d05ed34c400a89b988f6d2a964ace70fe87d31c0ff8f2abbbf8d72437f7a66
SSDEEP

6144:ctp5GoZ7+VAtqw7S0R7E9Ou8Vp6Ozb784gO:ctpHSSZb7E96VpaO

Score

10^/10

Malware Config

Extracted

Family

xworm

C2

recommended-pad.gl.at.ply.gg:63567

Attributes

Install_directory
%AppData%
install_file
Discord.exe

Targets

- Target
  
  eacc39dac1d60cdb6d602775a25cd954bf52c3379d1c2b588a2692705db84004N
- Size
  
  369KB
- MD5
  
  cddbe369e9f8f31485f9cf74aa0171a0
- SHA1
  
  82c0b7ac4d86f0c2f484e05d40c62c00aba6fa20
- SHA256
  
  eacc39dac1d60cdb6d602775a25cd954bf52c3379d1c2b588a2692705db84004
- SHA512
  
  35272cdba5aea95fe4cf95a8aea367b1389c7d44cd0131cdad62b10133076b25b6d05ed34c400a89b988f6d2a964ace70fe87d31c0ff8f2abbbf8d72437f7a66
- SSDEEP
  
  6144:ctp5GoZ7+VAtqw7S0R7E9Ou8Vp6Ozb784gO:ctpHSSZb7E96VpaO
Score

10^/10

xworm discovery rat trojan
- Detect Xworm Payload
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- Xworm family
  xworm
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Detect Xworm Payload

Xworm family

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

Looks up external IP address via web service

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2