stormkitty | 69271c328db46c14628d161ff9fed12b14567dfaae2e139ec6cbc047ebca497d

General

Target

XWorm.V5.6.rar
Size

9.1MB
Sample

241117-mnwfwsybkn
MD5

f1d1f92abd55fdef7d2607ee36e56af8
SHA1

41ac844e80b12449805ec440c56743cbbb061b63
SHA256

69271c328db46c14628d161ff9fed12b14567dfaae2e139ec6cbc047ebca497d
SHA512

5c76a8e06e0d4a0218ed34b9fa429e6ecf234ede6befc83537ea69981f7da879d939083dd0ca63a5d3504351b85cb55decdc38d3c04d408578e9e6b7d28b4f3f
SSDEEP

196608:l5EagdnuKzra34KA/okbtlIi18bF+altESCuJn7n61mNnC4B0q7JS:lyagdNe35+5JOXo1tu6YU4BvY

Score

10^/10

Malware Config

Extracted

Family

xworm

C2

193.161.193.99:63603

37.4.250.173:63603

Attributes

Install_directory
%AppData%
install_file
XwormV6.exe

Targets

- Target
  
  XWorm V5.6/XwormV5.6.exe
- Size
  
  15.0MB
- MD5
  
  2ff4c5a7eff1d9f19e23156dceeca4d0
- SHA1
  
  d8c175bb2b968713d48b37e1d018c8736a34ea6d
- SHA256
  
  198f82a2b491cb5c769d25c03ea7908161e20a9b51b585099f7088cef5c4323e
- SHA512
  
  2c839576c2a9ce47b4d37325417a4055e4f8674323b6b1a558fac35628eaf32e354271936ceb8dc6a38ccc24b170cc17c08e74a994e8363831b410810d676a05
- SSDEEP
  
  3072:LJKhDbtkb2D7wyOQnxZd+xYoPdLa5a47Qnx5RUUOMlv1s8W:LJKhDSbFGExYoPJatsjtlv1s8
Score

10^/10

xworm execution rat trojan
- Detect Xworm Payload
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- Xworm family
  xworm
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

1

T1059

PowerShell

1

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Detect Xworm Payload

Xworm

Xworm family

Command and Scripting Interpreter: PowerShell

Checks computer location settings

Drops startup file

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3