xworm | d99f3b5b99dd6857fd12974b2f292ba7c59d0b99858ed0d1d2d20aeb9b63419c | Triage

Submit
Reports

Overview

overview

Static

static

3

No 0001405...TE.exe

windows7-x64

No 0001405...TE.exe

windows10-2004-x64

Sharing

General

Target

ac86c4972f7bf9a62ad7bd5fc4ffcccc.zip
Size

448KB
Sample

241203-t9yayatngw
MD5

ac86c4972f7bf9a62ad7bd5fc4ffcccc
SHA1

243ee37d5503bc330b0593a36275dbe452bcce29
SHA256

d99f3b5b99dd6857fd12974b2f292ba7c59d0b99858ed0d1d2d20aeb9b63419c
SHA512

e986dab06df8b89903fe2b8ccb9f19ee48d7971a347cb458d87aa4b04d7d99a938a16cb74dc27bc3fa1be2c24bde65adbd60dc6bebce8664ae450ad714e7ab7a
SSDEEP

6144:2mISoW7EEAZT/ZjlDsjtKBUe9MEu0RTBUY4GzBhWPjn63rrF3Mww3aAFO9B9Zkz4:26oWOjIEGeVR2Y4Gd663rluXSBm4

Score

10^/10

xworm discovery rat trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

No 00014052024 3 DE DICIEMBRE DE 2024 COBRO JURÍDICO VIGENTE.exe

Resource

win7-20241010-en

xworm discovery rat trojan

windows7-x64

9 signatures

180 seconds

Behavioral task

behavioral2

Sample

No 00014052024 3 DE DICIEMBRE DE 2024 COBRO JURÍDICO VIGENTE.exe

Resource

win10v2004-20241007-en

xworm discovery rat trojan

windows10-2004-x64

9 signatures

180 seconds

Malware Config

Extracted

Family

xworm

Version

5.0

C2

87.120.116.179:1300

Mutex

aMI0xjUDQCeZl19j

Attributes

install_file
USB.exe

aes.plain

Targets

- Target
  
  No 00014052024 3 DE DICIEMBRE DE 2024 COBRO JURÍDICO VIGENTE.exe
- Size
  
  925KB
- MD5
  
  995d3084d0fd6ccc4e85d09b6ca30c12
- SHA1
  
  847e8e0116cf85d2a11febab9d0d4c565730aa41
- SHA256
  
  cdeab2d0f4995ca3c36fbf98045f7c0ea46f85f47e51b05b14dec1919eaccb81
- SHA512
  
  6ce973bb3a6c703763136c4a68bc42724a9caf555115f9810de50edaca1bc7681767b9ceee8cd3cad6720720ad27506f21ad87a98d9f020ce3272ae41e327404
- SSDEEP
  
  12288:SY1xBOrpw3Wf+6vk7A5oItYHvmpMxmtPWAl2Rbf+/Zc+hJeg5RrMlT5jwM/FOXJT:SPVqWZvkWoImvOVPWAARbfmZcEAjZ/y
Score

10^/10

xworm discovery rat trojan
- Detect Xworm Payload
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- Xworm family
  xworm
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xwormdiscoveryrattrojan

behavioral2

xwormdiscoveryrattrojan

© 2018-2024

Terms | Privacy