xworm | 31b5dd4b9119afd13692f5a3d204b139fe78affae1d1ceb6ca426ea59d8a1df1 | Triage

Sharing

General

Target

Private Key (infected).zip
Size

137KB
Sample

241203-hrng8svjev
MD5

70d06330e186df7cc1230934f1c2fc13
SHA1

0b34665615ce674e3d5597f195e1dc018c154ec3
SHA256

31b5dd4b9119afd13692f5a3d204b139fe78affae1d1ceb6ca426ea59d8a1df1
SHA512

1c2e0c1f9ef11fb600a6ce35325a44faf228aa17dca7dbfa1001fa3c2333725d4fe46490921329a2eebe638d930e4152a50ccdf7830bbf8240806c2d128716de
SSDEEP

3072:gJLIHRnm9UzCz+J8qETkduWSmRVtVHWWqVrAUEUy6c2kinJhtORQe:yL79UzCyJ3Ok79bZqVVyVQns

Score

10^/10

xworm persistence rat trojan

Malware Config

Targets

- Target
  
  Private Key/PrivateKey.exe
- Size
  
  154KB
- MD5
  
  862464171ecda5723495bb550333299d
- SHA1
  
  758a01822fc99784aa4aee11320c5d0ef9f9144a
- SHA256
  
  351204f597cc50297b451ec81afc83c4f36051a02a53337717d60f2d44af75eb
- SHA512
  
  7a9207c86f48242a8eac5bc023a489fdf07cc6773f77661c9014e567bc210828fcd87af956c419bc07c6438c422f5a8d98c1b30deb6852030e364f64edbc47ce
- SSDEEP
  
  3072:DgBYQ1F57Um2xodoYCIERvrdboeIPPQxRzWr:kBb53ERvrdbsPIxRzW
Score

10^/10

xworm persistence rat trojan
- Detect Xworm Payload
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- Xworm family
  xworm
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xwormpersistencerattrojan