xworm

General

Target

c5f4dab7c8114f6fd9742fed88895a12192bbbfdb5c6438f85c89a645961e142
Size

1.0MB
Sample

241107-tcmg6svgjg
MD5

e0de437a9326cd6a11e17b6a9fd9963f
SHA1

fd866c5a382e9ce7c5492dbee1e47b90f6b56531
SHA256

c5f4dab7c8114f6fd9742fed88895a12192bbbfdb5c6438f85c89a645961e142
SHA512

18549cda4eb213966a9fedf63e997cd0dd5f4f338237b73ec3873997bde9566b85dc380e645624e7424f85be98c5c3574c544770365e01f7cc5af9a4fa9dfe51
SSDEEP

24576:ffmMv6Ckr7Mny5QLmy4m8bMT0urDgE1tgZG3:f3v+7/5QLIbM3Dtg0

Score

10^/10

Malware Config

Extracted

Family

xworm

Version

5.0

C2

66.154.103.135:4800

Mutex

rm4C0XC5aW9eGOEB

Attributes

install_file
USB.exe

aes.plain

1
UipwIxbjnBOt14jtxb4LUA==

Targets

- Target
  
  c5f4dab7c8114f6fd9742fed88895a12192bbbfdb5c6438f85c89a645961e142
- Size
  
  1.0MB
- MD5
  
  e0de437a9326cd6a11e17b6a9fd9963f
- SHA1
  
  fd866c5a382e9ce7c5492dbee1e47b90f6b56531
- SHA256
  
  c5f4dab7c8114f6fd9742fed88895a12192bbbfdb5c6438f85c89a645961e142
- SHA512
  
  18549cda4eb213966a9fedf63e997cd0dd5f4f338237b73ec3873997bde9566b85dc380e645624e7424f85be98c5c3574c544770365e01f7cc5af9a4fa9dfe51
- SSDEEP
  
  24576:ffmMv6Ckr7Mny5QLmy4m8bMT0urDgE1tgZG3:f3v+7/5QLIbM3Dtg0
Score

10^/10

xworm discovery rat trojan
- Detect Xworm Payload
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- Xworm family
  xworm
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Detect Xworm Payload

Xworm family

Drops startup file

Executes dropped EXE

Loads dropped DLL

AutoIT Executable

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

We care about your privacy.