xworm | 8486df955b21ba53ae0f4e3000e553be9a52d5782327830b9ed11cf05e4ea1c3 | Triage

Submit
Reports

Overview

overview

Static

static

3

ABONO DE C...CH.exe

windows7-x64

ABONO DE C...CH.exe

windows10-ltsc 2021-x64

Sharing

General

Target

ABONO DE CARTERA CLIENTE REALIZADA ACH.exe
Size

944KB
Sample

241119-1egs2asqds
MD5

fee033f332a3969e9fdc44a3d6b063fc
SHA1

4d7a1aebf503779d11c7234ecd743fde22c90635
SHA256

8486df955b21ba53ae0f4e3000e553be9a52d5782327830b9ed11cf05e4ea1c3
SHA512

6bf90264a34124dcb945523a82a26b9865700301a3022df603b17059d61396d665ca50ae89d52f364ec51c500da326dcf65d1f056d42cdb24b1c02e2759ccf67
SSDEEP

12288:Vgx1dICGS4J7P8d4d720RwMw8aO9JIq5E7+vfsItPK5z7lenbsGyD5p0:VgUSk720RGs9JH5EjI+knINE

Score

10^/10

xworm discovery persistence rat trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

ABONO DE CARTERA CLIENTE REALIZADA ACH.exe

Resource

win7-20240903-es

xworm discovery persistence rat trojan

windows7-x64

12 signatures

600 seconds

Behavioral task

behavioral2

Sample

ABONO DE CARTERA CLIENTE REALIZADA ACH.exe

Resource

win10ltsc2021-20241023-es

xworm discovery persistence rat trojan

windows10-ltsc 2021-x64

10 signatures

600 seconds

Malware Config

Extracted

Family

xworm

Version

5.0

C2

87.120.116.179:1300

Mutex

C33DN8qMtx58OdAb

Attributes

install_file
USB.exe

aes.plain

Targets

- Target
  
  ABONO DE CARTERA CLIENTE REALIZADA ACH.exe
- Size
  
  944KB
- MD5
  
  fee033f332a3969e9fdc44a3d6b063fc
- SHA1
  
  4d7a1aebf503779d11c7234ecd743fde22c90635
- SHA256
  
  8486df955b21ba53ae0f4e3000e553be9a52d5782327830b9ed11cf05e4ea1c3
- SHA512
  
  6bf90264a34124dcb945523a82a26b9865700301a3022df603b17059d61396d665ca50ae89d52f364ec51c500da326dcf65d1f056d42cdb24b1c02e2759ccf67
- SSDEEP
  
  12288:Vgx1dICGS4J7P8d4d720RwMw8aO9JIq5E7+vfsItPK5z7lenbsGyD5p0:VgUSk720RGs9JH5EjI+knINE
Score

10^/10

xworm discovery persistence rat trojan
- Detect Xworm Payload
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- Xworm family
  xworm
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xwormdiscoverypersistencerattrojan

behavioral2

xwormdiscoverypersistencerattrojan

© 2018-2025

Terms | Privacy