xworm | 501df0a422f61939f14b613d2fb3bb5422b1d2f96b57bbbc34a1036781d83a03 | Triage

Submit
Reports

Overview

overview

Static

static

3

TRANSACCIO...IL.exe

windows7-x64

TRANSACCIO...IL.exe

windows10-2004-x64

Sharing

General

Target

d11cdd12b500c146bebcf04d41fd9b5b.zip
Size

958KB
Sample

241202-2ayfnawkfw
MD5

d11cdd12b500c146bebcf04d41fd9b5b
SHA1

a17d9c80286ec15f773c3cc6c3b7c283535d3841
SHA256

501df0a422f61939f14b613d2fb3bb5422b1d2f96b57bbbc34a1036781d83a03
SHA512

787f32588f026f4da53ddc9fd153ee9108f5a924a0b50e6080740d7b96ad5c86e5952dfa1507711f073d1d52665da61e0b9dd35c0e7255218c7f16e0c9477452
SSDEEP

24576:dthv/St8C4kV/hLEle7Kws/eGubFFBZus5jEQKxzhGYA:dthM0AhimVZHUs5j8xw

Score

10^/10

xworm discovery persistence rat trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

TRANSACCIONES DE BANCA MÓVIL.exe

Resource

win7-20240903-en

xworm discovery persistence rat trojan

windows7-x64

10 signatures

180 seconds

Behavioral task

behavioral2

Sample

TRANSACCIONES DE BANCA MÓVIL.exe

Resource

win10v2004-20241007-en

xworm discovery persistence rat trojan

windows10-2004-x64

10 signatures

180 seconds

Malware Config

Extracted

Family

xworm

Version

5.0

C2

87.120.116.179:1300

Mutex

JTzuMwKRwNYwE18T

Attributes

install_file
USB.exe

aes.plain

Targets

- Target
  
  TRANSACCIONES DE BANCA MÓVIL.exe
- Size
  
  1.6MB
- MD5
  
  dc9cbec3c91f2157b4e90c9a50692faf
- SHA1
  
  0903bcfeb310040f9f546af5142db0d6373bbf76
- SHA256
  
  27777c77aab92ffdcfc186e8a1978b4e969a88f12b783b01b7839c54572576a5
- SHA512
  
  7a0b13e1b6a52bc17bd4f6ac17f5e8b673756c5b697284da3c4838c2a8447dce3e353f44e6a6d1282717a104549a1daca8a5d06fa83450c5b484119f9b664744
- SSDEEP
  
  49152:8lbi1+B5HhMRAovIv2SSOS2ikriZ4ahbRHQXm3nczwSagO+lZmHSMtkFtz42Dt6U:8lbya5HhMRAovPO9ikramom
Score

10^/10

xworm discovery persistence rat trojan
- Detect Xworm Payload
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- Xworm family
  xworm
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xwormdiscoverypersistencerattrojan

behavioral2

xwormdiscoverypersistencerattrojan

© 2018-2024

Terms | Privacy