xworm

General

Target

AdminTools.rar.exe
Size

11.8MB
Sample

241118-lz9bfsyqcq
MD5

ddcffb7143bb8073f53391fd44159950
SHA1

e55cfccc6eefd6c8079f6e18459a3eb509107bd2
SHA256

ddfe0cfb0d6ff02a67de60e59a1f212403d075eb1afebccb7e21e094d463a33a
SHA512

1538f3ee18787485e727904eeac50ea6dbf207ff5aa61620223a33aa5c7c743d17c1ab9c499f04cb6e3954c28434f0dd01ef94412e2a62a94e77d9f996a8db27
SSDEEP

196608:lQXFWvrR+RBZuLVESPp94EMtwBVxCS8ns71EWradV3qAo5QiPZbdBD8h5sf0IfvB:l/URsVz2Z6BVxGmbeV3qc35sfFRf

Score

10^/10

Malware Config

Extracted

Family

xworm

Version

5.0

C2

127.0.0.1:7000

Mutex

FDifYDumKCtsXZEN

Attributes

install_file
USB.exe

aes.plain

1
DGPfLHlwcQ313DUp2MTiPA==

Targets

- Target
  
  AdminTools.rar.exe
- Size
  
  11.8MB
- MD5
  
  ddcffb7143bb8073f53391fd44159950
- SHA1
  
  e55cfccc6eefd6c8079f6e18459a3eb509107bd2
- SHA256
  
  ddfe0cfb0d6ff02a67de60e59a1f212403d075eb1afebccb7e21e094d463a33a
- SHA512
  
  1538f3ee18787485e727904eeac50ea6dbf207ff5aa61620223a33aa5c7c743d17c1ab9c499f04cb6e3954c28434f0dd01ef94412e2a62a94e77d9f996a8db27
- SSDEEP
  
  196608:lQXFWvrR+RBZuLVESPp94EMtwBVxCS8ns71EWradV3qAo5QiPZbdBD8h5sf0IfvB:l/URsVz2Z6BVxGmbeV3qc35sfFRf
Score

10^/10

xworm rat trojan
- Detect Xworm Payload
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- Xworm family
  xworm
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Detect Xworm Payload

Xworm family

Checks computer location settings

Executes dropped EXE

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

We care about your privacy.