xworm | 26eb0d93904680fef2d4df49b9d55a6e54f8b341a888bb6bec2fec1e711e9536 | Triage

Sharing

General

Target

injector.exe
Size

36KB
Sample

241116-gcsyqs1djh
MD5

1d9727f02bd353afc1fedee98e4acfbb
SHA1

2263f809ead639430a130976ea4722aacb3e1362
SHA256

26eb0d93904680fef2d4df49b9d55a6e54f8b341a888bb6bec2fec1e711e9536
SHA512

62390fc747f737a15879a521f68827ab73dd26e1ee08837f3eaad542dc435703f98552b187aa19c760dc3a12c1a4d183c4d5450e4458c1a1111f131fd3de97cc
SSDEEP

768:F2C78uvbhLyScu6JBbTZ6VFyc9PZO/h7AX:Ft78utLySuJBbTZwF39PZO/KX

Score

10^/10

xworm persistence rat trojan

Malware Config

Extracted

Family

xworm

Version

5.0

C2

six-usb.gl.at.ply.gg:49722

Mutex

TcBEJUp0a8DkShx2

Attributes

Install_directory
%AppData%
install_file
System User.exe

aes.plain

Targets

- Target
  
  injector.exe
- Size
  
  36KB
- MD5
  
  1d9727f02bd353afc1fedee98e4acfbb
- SHA1
  
  2263f809ead639430a130976ea4722aacb3e1362
- SHA256
  
  26eb0d93904680fef2d4df49b9d55a6e54f8b341a888bb6bec2fec1e711e9536
- SHA512
  
  62390fc747f737a15879a521f68827ab73dd26e1ee08837f3eaad542dc435703f98552b187aa19c760dc3a12c1a4d183c4d5450e4458c1a1111f131fd3de97cc
- SSDEEP
  
  768:F2C78uvbhLyScu6JBbTZ6VFyc9PZO/h7AX:Ft78utLySuJBbTZwF39PZO/KX
Score

10^/10

xworm persistence rat trojan
- Detect Xworm Payload
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- Xworm family
  xworm
- Drops startup file
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xwormpersistencerattrojan