xworm | e8d9387a90f56734ddddc802ece7da57c33b5fd4e099fb68bd6ab0c39cb21928

Analysis

max time kernel
1798s
max time network
1423s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20241023-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20241023-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
17-11-2024 18:17

Target

AdapterFixer/Modules/XerecaoMiner5.exe
Size

148KB
MD5

899017283860678a2247829c58ec3a35
SHA1

81ae8b28986d13d4951c3240a04e9244deab3c9a
SHA256

bd134a480889e73c9befd034b8aff16b353c84166128e53cba5fab98d2e29d77
SHA512

2cfc6fed23cb54405ec4af30ef941f141fe72e43cc48d873be37c633c09b2ec3d8751917b476394c42b8c686f802846078b72c81dc521ce14bf85e18bf361594
SSDEEP

1536:wvNtgwr3U4xcFE9jxOjA2jls3WGkoe6Us89T8r9AtnertLF5:wvN2EcFE9jxOjpa3v7EskT8rmtIh5

Score

10^/10

xworm rat trojan

Family

xworm

Version

5.0

127.0.0.1:80

Mutex

qPmcUJHu8Va5TNio

Attributes

aes.plain

Detect Xworm Payload 1 IoCs

resource	yara_rule
behavioral8/memory/936-1-0x0000000000370000-0x000000000039A000-memory.dmp	family_xworm

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	936	XerecaoMiner5.exe

C:\Users\Admin\AppData\Local\Temp\AdapterFixer\Modules\XerecaoMiner5.exe
"C:\Users\Admin\AppData\Local\Temp\AdapterFixer\Modules\XerecaoMiner5.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:936

memory/936-0-0x00007FFAF3663000-0x00007FFAF3665000-memory.dmp

Filesize
8KB

Download
memory/936-1-0x0000000000370000-0x000000000039A000-memory.dmp

Filesize
168KB

Download
memory/936-2-0x00007FFAF3660000-0x00007FFAF4122000-memory.dmp

Filesize
10.8MB

Download
memory/936-3-0x00007FFAF3663000-0x00007FFAF3665000-memory.dmp

Filesize
8KB

Download
memory/936-4-0x00007FFAF3660000-0x00007FFAF4122000-memory.dmp

Filesize
10.8MB

Download