xworm | bc8e1e0d26c08f7116113bb591eb5275174652f19293f7d9a4921a580b78b042 | Triage

Submit
Reports

Overview

overview

Static

static

1

FREE BYPASS.rar

windows10-ltsc 2021-x64

Sharing

General

Target

FREE BYPASS.rar
Size

703KB
Sample

241110-mgtzgsxrhm
MD5

58292ba4352cc7ede74cea6eb6cf4764
SHA1

62d5ffb6fce1c50d793477bf50eaa3b706e1746d
SHA256

bc8e1e0d26c08f7116113bb591eb5275174652f19293f7d9a4921a580b78b042
SHA512

278a23320aa015c2303c808fcc7f6a718c833cc7bb8d17d54de23d132ef50bb7acbad586ad47a96341be1859336d33bca8e58427a6e030e820de437ef041f1c7
SSDEEP

12288:r5QdwWNKMUvO3sryrdKDRxSwj3mfXnj31KYiZqwu4Jpq9FCLcmc4ofpzvSUV:rCpK1O3cyrdCRow7mfTgjEcpmsL+4ofr

Score

10^/10

xworm discovery rat trojan

Static task

static1

Behavioral task

behavioral1

Sample

FREE BYPASS.rar

Resource

win10ltsc2021-20241023-en

xworm discovery rat trojan

windows10-ltsc 2021-x64

15 signatures

150 seconds

Malware Config

Extracted

Family

xworm

C2

147.185.221.23:25808

Attributes

Install_directory
%LocalAppData%
install_file
Realtek HD Audio Universal Service.exe

Targets

- Target
  
  FREE BYPASS.rar
- Size
  
  703KB
- MD5
  
  58292ba4352cc7ede74cea6eb6cf4764
- SHA1
  
  62d5ffb6fce1c50d793477bf50eaa3b706e1746d
- SHA256
  
  bc8e1e0d26c08f7116113bb591eb5275174652f19293f7d9a4921a580b78b042
- SHA512
  
  278a23320aa015c2303c808fcc7f6a718c833cc7bb8d17d54de23d132ef50bb7acbad586ad47a96341be1859336d33bca8e58427a6e030e820de437ef041f1c7
- SSDEEP
  
  12288:r5QdwWNKMUvO3sryrdKDRxSwj3mfXnj31KYiZqwu4Jpq9FCLcmc4ofpzvSUV:rCpK1O3cyrdCRow7mfTgjEcpmsL+4ofr
Score

10^/10

xworm discovery rat trojan
- Detect Xworm Payload
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- Xworm family
  xworm
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xwormdiscoveryrattrojan

© 2018-2024

Terms | Privacy