xworm | 7e123df6e3f5b7c3f91c57a9f7d7511db49e7f406e0f479df405cbc86ab92898 | Triage

Submit
Reports

Overview

overview

Static

static

1

NewPurchaseOrder.rtf

windows7-x64

NewPurchaseOrder.rtf

windows10-2004-x64

1

Sharing

General

Target

NewPurchaseOrder.rtf
Size

66KB
Sample

241203-qbvwdasjgq
MD5

52b9edce3719a332f117735c74d70b27
SHA1

027c2f05b720790bd29b96a54c42ea9625c6291d
SHA256

7e123df6e3f5b7c3f91c57a9f7d7511db49e7f406e0f479df405cbc86ab92898
SHA512

8ecbac8a98ba0369752ee4fa4a1fa8e48573d5cb4f3fa76d14059d9e1d7aa43fa9dcf18524c11b9cb2bb3b07011477239531934de54162dd44ce1f7e578fe848
SSDEEP

192:Tu+MOxqg6kYkpt5JwYiXyMAoyO7ttFFFFhxPWg6mKIxRpBPmwK2aYR8+m8qPHljr:5gkptLPiXjAoyGV/Ilf/E4kSTN

Score

10^/10

xworm discovery persistence rat trojan

Static task

static1

Behavioral task

behavioral1

Sample

NewPurchaseOrder.rtf

Resource

win7-20240903-en

xworm discovery persistence rat trojan

windows7-x64

23 signatures

150 seconds

Behavioral task

behavioral2

Sample

NewPurchaseOrder.rtf

Resource

win10v2004-20241007-en

windows10-2004-x64

4 signatures

150 seconds

Malware Config

Targets

- Target
  
  NewPurchaseOrder.rtf
- Size
  
  66KB
- MD5
  
  52b9edce3719a332f117735c74d70b27
- SHA1
  
  027c2f05b720790bd29b96a54c42ea9625c6291d
- SHA256
  
  7e123df6e3f5b7c3f91c57a9f7d7511db49e7f406e0f479df405cbc86ab92898
- SHA512
  
  8ecbac8a98ba0369752ee4fa4a1fa8e48573d5cb4f3fa76d14059d9e1d7aa43fa9dcf18524c11b9cb2bb3b07011477239531934de54162dd44ce1f7e578fe848
- SSDEEP
  
  192:Tu+MOxqg6kYkpt5JwYiXyMAoyO7ttFFFFhxPWg6mKIxRpBPmwK2aYR8+m8qPHljr:5gkptLPiXjAoyGV/Ilf/E4kSTN
Score

10^/10

xworm discovery persistence rat trojan
- Detect Xworm Payload
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- Xworm family
  xworm
- Blocklisted process makes network request
- Downloads MZ/PE file
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Exploitation for Client Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xwormdiscoverypersistencerattrojan

behavioral2

© 2018-2024

Terms | Privacy