xworm | 04cfe85ad9f84a7bb65c39ed40e209fdd61f3a3cb52d0606a9fc41f780a2ba1f | Triage

Sharing

General

Target

XClient.exe
Size

33KB
Sample

241117-krvbwswepj
MD5

f869f9d64a8a01aff088f8c830a477dc
SHA1

0e8af0081201e0d423abc29ae6f2cd948c12ba97
SHA256

04cfe85ad9f84a7bb65c39ed40e209fdd61f3a3cb52d0606a9fc41f780a2ba1f
SHA512

0da21ecb4896f716b1fb3b3e8813eb268aabd84f1e51f29c24fc6b8349ccfbd377d957828b437882d5ef65c654001f25a65259777ecd18980cdd0116afde876c
SSDEEP

384:Cl8UlK/V9FoBZ9aZV0NLx7o92lKZaJZvf/95ApkFy7BLT/OZwpGmTv99IkcisOHh:qO/VMOGxwgJZvn9dFyJ9FoOjh4Jy

Score

10^/10

xworm rat trojan

Malware Config

Extracted

Family

xworm

Version

5.0

C2

sep-framing.gl.at.ply.gg:61526

Mutex

wCIHQbYCz8ryLWwh

Attributes

install_file
USB.exe

aes.plain

Targets

- Target
  
  XClient.exe
- Size
  
  33KB
- MD5
  
  f869f9d64a8a01aff088f8c830a477dc
- SHA1
  
  0e8af0081201e0d423abc29ae6f2cd948c12ba97
- SHA256
  
  04cfe85ad9f84a7bb65c39ed40e209fdd61f3a3cb52d0606a9fc41f780a2ba1f
- SHA512
  
  0da21ecb4896f716b1fb3b3e8813eb268aabd84f1e51f29c24fc6b8349ccfbd377d957828b437882d5ef65c654001f25a65259777ecd18980cdd0116afde876c
- SSDEEP
  
  384:Cl8UlK/V9FoBZ9aZV0NLx7o92lKZaJZvf/95ApkFy7BLT/OZwpGmTv99IkcisOHh:qO/VMOGxwgJZvn9dFyJ9FoOjh4Jy
Score

10^/10

xworm rat trojan
- Detect Xworm Payload
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- Xworm family
  xworm
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1