xworm | fc16219abe3f5272052e7238be66431e1d1b3e7d2faf996c701ce576cce74290 | Triage

Sharing

General

Target

Bloxstrap-v2.8.1.exe
Size

11.2MB
Sample

241122-wljtra1maq
MD5

5d16971f4e0d6e5f99d18d28672cc621
SHA1

bcd7f4fe26313fe3ced6ced1f5952d6429fac416
SHA256

fc16219abe3f5272052e7238be66431e1d1b3e7d2faf996c701ce576cce74290
SHA512

fae8a171467bb1e33f4920f93a9defdc5743d478d5c90446b43132ea1d45aaa7edf1ebbfce4b8ed27a8a70c9197492a4dc7694cf2a411a46f563b28dcd5668c9
SSDEEP

196608:ISHBLJKbIWxA63vYjVQ4SvrOXvH0RG1jT7ub1EBKnQtD794BYb:FBVKNAGvcmTWUc1jT7FKnyJ

Score

10^/10

xworm discovery persistence rat trojan

Malware Config

Extracted

Family

xworm

Version

5.0

C2

192.168.68.139:2068

tell-outcome.gl.at.ply.gg:2068

Mutex

SXJOPv2u5QpF0aEa

Attributes

Install_directory
%AppData%
install_file
FileExplorer.exe

aes.plain

Targets

- Target
  
  Bloxstrap-v2.8.1.exe
- Size
  
  11.2MB
- MD5
  
  5d16971f4e0d6e5f99d18d28672cc621
- SHA1
  
  bcd7f4fe26313fe3ced6ced1f5952d6429fac416
- SHA256
  
  fc16219abe3f5272052e7238be66431e1d1b3e7d2faf996c701ce576cce74290
- SHA512
  
  fae8a171467bb1e33f4920f93a9defdc5743d478d5c90446b43132ea1d45aaa7edf1ebbfce4b8ed27a8a70c9197492a4dc7694cf2a411a46f563b28dcd5668c9
- SSDEEP
  
  196608:ISHBLJKbIWxA63vYjVQ4SvrOXvH0RG1jT7ub1EBKnQtD794BYb:FBVKNAGvcmTWUc1jT7FKnyJ
Score

10^/10

xworm discovery persistence rat trojan
- Detect Xworm Payload
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- Xworm family
  xworm
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

System Time Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xwormdiscoverypersistencerattrojan

behavioral2

xwormpersistencerattrojan