stormkitty | 61e8f2c36942c9910c894ae09f9554462d98e38fce868574e8cf00283978ea83 | Triage

Submit
Reports

Overview

overview

Static

static

XWorm v5.6...ks.rar

windows11-21h2-x64

Sharing

General

Target

XWorm v5.6 Edition Cracked By WantHacks.rar
Size

22.1MB
Sample

241111-zl81esyrfm
MD5

f2bc2af2db699fcc4a6a86dcdcb63688
SHA1

c640018e4f0a0b314012a25c0eb87cba17f14d28
SHA256

61e8f2c36942c9910c894ae09f9554462d98e38fce868574e8cf00283978ea83
SHA512

00830190d2417f2a0f9fd168631ad8b8f6050cd8d48ba0f40ea8561cd6bf2b1d123c156f62e60260ff5328367c76bbbb750afb09b9bc2dbd57e3f7c10c398745
SSDEEP

393216:+yaCIiJA/fWwI1VJkEhDQDNIoRcYN4SMV+fphpKotgPJXbK9/KW9KP6Qr+:+yoiJA/upytROSMVypjdtg5O9/KW6Tr+

Score

10^/10

stormkitty xworm persistence rat trojan

Static task

static1

stormkitty xworm

6 signatures

Behavioral task

behavioral1

Sample

XWorm v5.6 Edition Cracked By WantHacks.rar

Resource

win11-20241007-en

xworm persistence rat trojan

windows11-21h2-x64

17 signatures

300 seconds

Malware Config

Extracted

Family

xworm

Version

5.0

C2

127.0.0.1:7000

Mutex

HSKN9MpfBLZsOPaW

Attributes

Install_directory
%AppData%
install_file
XClient.exe

aes.plain

Extracted

Family

xworm

C2

127.0.0.1:7000

Attributes

Install_directory
%AppData%
install_file
XClient.exe

Targets

- Target
  
  XWorm v5.6 Edition Cracked By WantHacks.rar
- Size
  
  22.1MB
- MD5
  
  f2bc2af2db699fcc4a6a86dcdcb63688
- SHA1
  
  c640018e4f0a0b314012a25c0eb87cba17f14d28
- SHA256
  
  61e8f2c36942c9910c894ae09f9554462d98e38fce868574e8cf00283978ea83
- SHA512
  
  00830190d2417f2a0f9fd168631ad8b8f6050cd8d48ba0f40ea8561cd6bf2b1d123c156f62e60260ff5328367c76bbbb750afb09b9bc2dbd57e3f7c10c398745
- SSDEEP
  
  393216:+yaCIiJA/fWwI1VJkEhDQDNIoRcYN4SMV+fphpKotgPJXbK9/KW9KP6Qr+:+yoiJA/upytROSMVypjdtg5O9/KW6Tr+
Score

10^/10

xworm persistence rat trojan
- Contains code to disable Windows Defender
  A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.
- Detect Xworm Payload
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- Xworm family
  xworm
- Executes dropped EXE
- Uses the VBS compiler for execution
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

stormkittyxworm

behavioral1

xwormpersistencerattrojan

© 2018-2024

Terms | Privacy