xworm | 5a2fdd394b6eeab5f0af64c23d012be3227fa505fefcf5491d4dcb3ec46d2ae6 | Triage

Submit
Reports

Overview

overview

Static

static

3

DEMANDA EJ...45.exe

windows7-x64

DEMANDA EJ...45.exe

windows10-2004-x64

Sharing

General

Target

afacf0007be6254e7c1e00fca8f94252.zip
Size

958KB
Sample

241203-wb9x7awlg1
MD5

afacf0007be6254e7c1e00fca8f94252
SHA1

d62760fdb7375df56971f119fed5f68f1b89d230
SHA256

5a2fdd394b6eeab5f0af64c23d012be3227fa505fefcf5491d4dcb3ec46d2ae6
SHA512

cb71df61af60914c22423b03207b644b2906af49157e2eda7f3baca56169fb60d241f9c99433ff1d26b2f9a9cd06b6e981b23bba5bc6e795d353bf958379f4f4
SSDEEP

24576:a8h4uBaUkwD7AYt40TIkQRZNx+hzIwF0rCbtCkchmpSR:a8Kuhk4kYt40TURZXazJqCBJC

Score

10^/10

xworm discovery persistence rat trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

DEMANDA EJECUTIVA RADICADO 405595045.exe

Resource

win7-20241010-en

xworm discovery persistence rat trojan

windows7-x64

10 signatures

180 seconds

Behavioral task

behavioral2

Sample

DEMANDA EJECUTIVA RADICADO 405595045.exe

Resource

win10v2004-20241007-en

xworm discovery persistence rat trojan

windows10-2004-x64

10 signatures

180 seconds

Malware Config

Extracted

Family

xworm

Version

5.0

C2

87.120.116.179:1300

Mutex

JTzuMwKRwNYwE18T

Attributes

install_file
USB.exe

aes.plain

Targets

- Target
  
  DEMANDA EJECUTIVA RADICADO 405595045.exe
- Size
  
  1.6MB
- MD5
  
  dc9cbec3c91f2157b4e90c9a50692faf
- SHA1
  
  0903bcfeb310040f9f546af5142db0d6373bbf76
- SHA256
  
  27777c77aab92ffdcfc186e8a1978b4e969a88f12b783b01b7839c54572576a5
- SHA512
  
  7a0b13e1b6a52bc17bd4f6ac17f5e8b673756c5b697284da3c4838c2a8447dce3e353f44e6a6d1282717a104549a1daca8a5d06fa83450c5b484119f9b664744
- SSDEEP
  
  49152:8lbi1+B5HhMRAovIv2SSOS2ikriZ4ahbRHQXm3nczwSagO+lZmHSMtkFtz42Dt6U:8lbya5HhMRAovPO9ikramom
Score

10^/10

xworm discovery persistence rat trojan
- Detect Xworm Payload
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- Xworm family
  xworm
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xwormdiscoverypersistencerattrojan

behavioral2

xwormdiscoverypersistencerattrojan

© 2018-2025

Terms | Privacy