xworm | 16fa4a9b4898751c6ee4428f8b365fe3301b8f477ae12790e16a62acb149ac88

Analysis

max time kernel
2s
max time network
6s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
19/11/2024, 00:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Builder‌.exe
Size

765KB
MD5

6bdeb48089f5812a21bef4226697c748
SHA1

7c39058e8ef2c5c34f9718bfd0d92f448fcc7dd4
SHA256

16fa4a9b4898751c6ee4428f8b365fe3301b8f477ae12790e16a62acb149ac88
SHA512

00ebc44550e86b2c98079dc033b0f45cec7787708d69e283a64adfdd9250e1a3ef02b4c6d9da4fe3dc29c2e3648d9cfdcc19fcad4b1214384a19421c9f13eb53
SSDEEP

12288:d7+FWC3IYQ1QdzfREFLfkiiUh7X6hXw9l9wkBEnemOB+pTF2vi4LU8oK7MLpX/51:L2vZlQfkiiUhj6yH93OnedswvHYNdX/y

Score

10^/10

xworm rat trojan

Malware Config

Extracted

Family

xworm

us1.localto.net:38447

Attributes

Install_directory
%AppData%
install_file
svchost.exe
telegram
https://api.telegram.org/bot7023899363:AAFEzgbfWzhyE32Lf95TKSRYEYXMd4AfMyk/sendMessage?chat_id=6354844663

Signatures

Detect Xworm Payload 2 IoCs

resource	yara_rule
behavioral2/files/0x000c000000023b28-18.dat	family_xworm
behavioral2/memory/1016-28-0x0000000000020000-0x000000000003A000-memory.dmp	family_xworm

Xworm
Xworm is a remote access trojan written in C#.
trojan rat xworm
Xworm family
xworm

C:\Users\Admin\AppData\Local\Temp\Builder‌.exe
"C:\Users\Admin\AppData\Local\Temp\Builder‌.exe"
1⤵
PID:720
- C:\Users\Admin\AppData\Local\Temp\Builder.exe
  "C:\Users\Admin\AppData\Local\Temp\Builder.exe"
  2⤵
  PID:5100
- C:\Users\Admin\AppData\Roaming\svchost.exe
  "C:\Users\Admin\AppData\Roaming\svchost.exe"
  2⤵
  PID:1016

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Builder.exe

Filesize
128KB

MD5
79732677ddeb3a61002658bfa4f8498b

SHA1
85c7c74215446bac9522dac108265de392de8102

SHA256
a61fd3e321342a51107c0fc491084c40c669b2aa1c902f37aa5ba5f745d53020

SHA512
6cd1d69a7269a0b0b5aa0af87d597356913f16d24dc736485e219482ead83f5baaab45eb6c5e1cc7426dfa29e352bba968f63b31798cca4470b054eed81558da

Download Submit
C:\Users\Admin\AppData\Local\Temp\Builder.exe

Filesize
1.6MB

MD5
92f649f929c34b1e6ff54d9f12b65b3e

SHA1
779e775c832df285081bcf378f33e12b61c24a2e

SHA256
07bbc8e698bb5e7e76ab20e20a00d24debc1f1fd678ba8c8c9b47060cf98277b

SHA512
c0705ed1a6ddccbd2a8246ed295f8e1d1390e1d89ed67877ed390dd9ad64e0f38160e51b2a7f0ba0ce85065de162f33a92a5e14c26e8665ded3aeffcc2893d22

Download Submit
C:\Users\Admin\AppData\Roaming\svchost.exe

Filesize
79KB

MD5
f629ec7b4e150c2cdef2b5bd6271f929

SHA1
82b0e98320c49a56bd9602727710bba2107f5b33

SHA256
253a04ae35f1454afc908b4f4ce914d8cc3dda43ff2b723a71d556b54305e4f1

SHA512
4bb27be38f345854b2e767dca9022fcdc8af1521d15e9c1d0a14478f4300d8b652b667b31c903a7eef8efc1ae6915df08ee23b5ff43ad3c68618a1a58b59249e

Download Submit
memory/720-0-0x00007FFE3D2D3000-0x00007FFE3D2D5000-memory.dmp

Filesize
8KB

Download
memory/720-1-0x0000000000A50000-0x0000000000B16000-memory.dmp

Filesize
792KB

Download
memory/720-4-0x00007FFE3D2D0000-0x00007FFE3DD91000-memory.dmp

Filesize
10.8MB

Download
memory/720-30-0x00007FFE3D2D0000-0x00007FFE3DD91000-memory.dmp

Filesize
10.8MB

Download
memory/1016-28-0x0000000000020000-0x000000000003A000-memory.dmp

Filesize
104KB

Download
memory/1016-29-0x00007FFE3D2D0000-0x00007FFE3DD91000-memory.dmp

Filesize
10.8MB

Download
memory/5100-23-0x0000000000400000-0x0000000000450000-memory.dmp

Filesize
320KB

Download

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads