xworm | ec926a48c220ecd85825ec84c9521695708750c30834d3da3f2cd335851cf1ec | Triage

Sharing

General

Target

ec926a48c220ecd85825ec84c9521695708750c30834d3da3f2cd335851cf1ec.exe
Size

37KB
Sample

241119-xyvx8azqbz
MD5

860ac5b2c0818df47bbcf08812b7e41c
SHA1

a241d03271158feaa7b67bc996fbfdfb20326899
SHA256

ec926a48c220ecd85825ec84c9521695708750c30834d3da3f2cd335851cf1ec
SHA512

aa9742ae79ff67c97096e63abd27cecfa55749fc08d91d6afc10528baae1ef28b9bb5fb5e82033954becda0a9a37d0553ea96be819fcb2247fdd389154396a83
SSDEEP

384:0G1LPXqrLNpOCSYSP9zoHtLZXwq7g5aOKNnwg/pBrCJLqm3AXkrhpkF0+LTRZwdq:JPaZc55K6sAom3AUoFW9ggO1hDQM/P

Score

10^/10

xworm rat trojan

Malware Config

Extracted

Family

xworm

Version

5.0

Mutex

Nen131aoFM2x3zyi

Attributes

Install_directory
%AppData%
install_file
OKEAN.exe
pastebin_url
https://pastebin.com/raw/b28eXjCB

aes.plain

Targets

- Target
  
  ec926a48c220ecd85825ec84c9521695708750c30834d3da3f2cd335851cf1ec.exe
- Size
  
  37KB
- MD5
  
  860ac5b2c0818df47bbcf08812b7e41c
- SHA1
  
  a241d03271158feaa7b67bc996fbfdfb20326899
- SHA256
  
  ec926a48c220ecd85825ec84c9521695708750c30834d3da3f2cd335851cf1ec
- SHA512
  
  aa9742ae79ff67c97096e63abd27cecfa55749fc08d91d6afc10528baae1ef28b9bb5fb5e82033954becda0a9a37d0553ea96be819fcb2247fdd389154396a83
- SSDEEP
  
  384:0G1LPXqrLNpOCSYSP9zoHtLZXwq7g5aOKNnwg/pBrCJLqm3AXkrhpkF0+LTRZwdq:JPaZc55K6sAom3AUoFW9ggO1hDQM/P
Score

10^/10

xworm rat trojan
- Detect Xworm Payload
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- Xworm family
  xworm
- Drops startup file
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2