xworm | 9e6985fdb3bfa539f3d6d6fca9aaf18356c28a00604c4f961562c34fa9f11d0f | Triage

Submit
Reports

Overview

overview

Static

static

msedge.exe

windows7-x64

msedge.exe

windows10-2004-x64

Sharing

General

Target

msedge.exe
Size

146KB
Sample

241202-wa6jdavldv
MD5

f1c2525da4f545e783535c2875962c13
SHA1

92bf515741775fac22690efc0e400f6997eba735
SHA256

9e6985fdb3bfa539f3d6d6fca9aaf18356c28a00604c4f961562c34fa9f11d0f
SHA512

56308ac106caa84798925661406a25047df8d90e4b65b587b261010293587938fa922fbb2cfdedfe71139e16bfcf38e54bb31cbcc00cd244db15d756459b6133
SSDEEP

3072:O4et7oUbY1cZx3bNLap5fOesrKe5BV0bUniyimyW:O4GkcHbAe5v0bURy

Score

10^/10

xworm rat trojan

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

msedge.exe

Resource

win7-20240903-en

xworm rat trojan

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

msedge.exe

Resource

win10v2004-20241007-en

xworm rat trojan

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Extracted

Family

xworm

Attributes

Install_directory
%LocalAppData%
install_file
USB.exe
pastebin_url
https://pastebin.com/raw/ZnhxAV6a
telegram
https://api.telegram.org/bot7538644364:AAHEMV7mmxz6PSRgzo0ORf3_n0BaazmrAqk/sendMessage?chat_id=7541917888

Targets

- Target
  
  msedge.exe
- Size
  
  146KB
- MD5
  
  f1c2525da4f545e783535c2875962c13
- SHA1
  
  92bf515741775fac22690efc0e400f6997eba735
- SHA256
  
  9e6985fdb3bfa539f3d6d6fca9aaf18356c28a00604c4f961562c34fa9f11d0f
- SHA512
  
  56308ac106caa84798925661406a25047df8d90e4b65b587b261010293587938fa922fbb2cfdedfe71139e16bfcf38e54bb31cbcc00cd244db15d756459b6133
- SSDEEP
  
  3072:O4et7oUbY1cZx3bNLap5fOesrKe5BV0bUniyimyW:O4GkcHbAe5v0bURy
Score

10^/10

xworm rat trojan
- Detect Xworm Payload
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- Xworm family
  xworm
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2024

Terms | Privacy