xworm | 0f3a0a876e198379b45b75a0c06ee8f3cab91eb26fd868fab769ed72b804f600 | Triage

Submit
Reports

Overview

overview

Static

static

3

Luigi UnBan.exe

windows7-x64

8

Luigi UnBan.exe

windows10-2004-x64

Sharing

General

Target

Luigi UnBan.exe
Size

178.2MB
Sample

241112-gjbm2avqas
MD5

fdaf5b201a0e1c706e755cf2dcf6adb4
SHA1

015461363ad9a3897d2ea5deda2fa44fe57756f3
SHA256

0f3a0a876e198379b45b75a0c06ee8f3cab91eb26fd868fab769ed72b804f600
SHA512

cc0e9a65170e318a4faad0a28aa7458dc0367027b7419049b0dce2baa1df535e7f776395b904be8466b055b1a40a97317cead9adb96afde637e82343f4d1ba91
SSDEEP

1572864:3gm3YzFXmdksvLt/u5ZnKBE5MoDNU0gj67dnHE7:3gm3YYdkqZu6E5Mg7dK

Score

10^/10

xworm execution rat trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

Luigi UnBan.exe

Resource

win7-20241010-en

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

Luigi UnBan.exe

Resource

win10v2004-20241007-en

xworm execution rat trojan

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Extracted

Family

xworm

Version

5.0

C2

80.76.49.227:9999

Mutex

g0vzRORqzebeaKQj

Attributes

install_file
USB.exe

aes.plain

Targets

- Target
  
  Luigi UnBan.exe
- Size
  
  178.2MB
- MD5
  
  fdaf5b201a0e1c706e755cf2dcf6adb4
- SHA1
  
  015461363ad9a3897d2ea5deda2fa44fe57756f3
- SHA256
  
  0f3a0a876e198379b45b75a0c06ee8f3cab91eb26fd868fab769ed72b804f600
- SHA512
  
  cc0e9a65170e318a4faad0a28aa7458dc0367027b7419049b0dce2baa1df535e7f776395b904be8466b055b1a40a97317cead9adb96afde637e82343f4d1ba91
- SSDEEP
  
  1572864:3gm3YzFXmdksvLt/u5ZnKBE5MoDNU0gj67dnHE7:3gm3YYdkqZu6E5Mg7dK
Score

10^/10

execution xworm rat trojan
- Detect Xworm Payload
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- Xworm family
  xworm
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

xwormexecutionrattrojan

© 2018-2024

Terms | Privacy