xworm | e6cfabef69322a4578808665072e1db85e881736d686e64c229f1ea8d3435153 | Triage

Sharing

General

Target

e6cfabef69322a4578808665072e1db85e881736d686e64c229f1ea8d3435153.exe
Size

38KB
Sample

241117-14ysvayqa1
MD5

4ec8a668815c66a7b555f1290e26bd19
SHA1

552be57ae2d287e494eabe00590a1e7ed9c9be5c
SHA256

e6cfabef69322a4578808665072e1db85e881736d686e64c229f1ea8d3435153
SHA512

8d4421a799f064cf1ec894f1900d3cb766fac9f031001b9785bb182813eb286b3000d7be90166d08e6416ff12de2d5ba36803b51a8f58c07413fcd92aa0a2445
SSDEEP

768:/V7Kjkq9PMXOh5G7m9NFfZk7FWPB9WNOMh2aQkryy:/xq/oa5PFyFO9WNOM4syy

Score

10^/10

xworm rat trojan

Malware Config

Extracted

Family

xworm

Version

5.0

C2

america-surrey.gl.at.ply.gg:54338

Mutex

uqf0RwmqN0bmwjTI

Attributes

Install_directory
%LocalAppData%
install_file
svchost.exe

aes.plain

Targets

- Target
  
  e6cfabef69322a4578808665072e1db85e881736d686e64c229f1ea8d3435153.exe
- Size
  
  38KB
- MD5
  
  4ec8a668815c66a7b555f1290e26bd19
- SHA1
  
  552be57ae2d287e494eabe00590a1e7ed9c9be5c
- SHA256
  
  e6cfabef69322a4578808665072e1db85e881736d686e64c229f1ea8d3435153
- SHA512
  
  8d4421a799f064cf1ec894f1900d3cb766fac9f031001b9785bb182813eb286b3000d7be90166d08e6416ff12de2d5ba36803b51a8f58c07413fcd92aa0a2445
- SSDEEP
  
  768:/V7Kjkq9PMXOh5G7m9NFfZk7FWPB9WNOMh2aQkryy:/xq/oa5PFyFO9WNOM4syy
Score

10^/10

xworm rat trojan
- Detect Xworm Payload
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- Xworm family
  xworm
- Drops startup file
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2