General
-
Target
https://gofile.io/d/VmL8Ux
-
Sample
241111-zlz3hswdmn
Score
10/10
Malware Config
Extracted
Family
xworm
Version
3.1
C2
147.185.221.23:53631
Attributes
-
Install_directory
%AppData%
-
install_file
USB.exe
Targets
-
-
Target
https://gofile.io/d/VmL8Ux
Score10/10-
Detect Xworm Payload
-
Xworm
Xworm is a remote access trojan written in C#.
-
Xworm family
-
Downloads MZ/PE file
-
Drops startup file
-
Executes dropped EXE
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Scheduled Task/Job
1Scheduled Task
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Scheduled Task/Job
1Scheduled Task
1Defense Evasion
Modify Registry
1Subvert Trust Controls
1SIP and Trust Provider Hijacking
1