stormkitty | f26803b764a54a90852b7fd274d5ced7a8a58f1715d3ab4b96900ad4f9dd0410 | Triage

Submit
Reports

Overview

overview

Static

static

XWorm.V5.3...Bin.7z

windows10-ltsc 2021-x64

XWorm.V5.3...Bin.7z

windows11-21h2-x64

1

Resubmissions

06-01-2025 17:11

250106-vqr59askhz 10

06-01-2025 17:01

250106-vjs4zatqbp 10

Sharing

General

Target

XWorm.V5.3.Optimized.Bin.7z
Size

29.5MB
Sample

250106-vjs4zatqbp
MD5

187b25b9e02c2b5d01a70d9d1855dd7c
SHA1

d0c7d39012ad0507239a3b060ea42cc13b22eb65
SHA256

f26803b764a54a90852b7fd274d5ced7a8a58f1715d3ab4b96900ad4f9dd0410
SHA512

bea5cec59d0ebee26a71c78dc38da47a25ea7932d119868caf82b5e4bbbcecd8969abea80ad41b65352f264ced33c457a041c0d9f321c272a8f913802ee254ed
SSDEEP

786432:ILW4dBG6KKNtxT6xewFcJbnYrFWNbqjnZ5M5od:3wT6xhqRsubq15bd

Score

10^/10

stormkitty xworm agilenet discovery rat trojan

Static task

static1

agilenet stormkitty

5 signatures

Behavioral task

behavioral1

Sample

XWorm.V5.3.Optimized.Bin.7z

Resource

win10ltsc2021-20241211-en

xworm agilenet discovery rat trojan

windows10-ltsc 2021-x64

23 signatures

300 seconds

Behavioral task

behavioral2

Sample

XWorm.V5.3.Optimized.Bin.7z

Resource

win11-20241007-en

windows11-21h2-x64

2 signatures

300 seconds

Malware Config

Extracted

Family

xworm

Version

5.0

C2

127.0.0.1:64935

Mutex

cdkkR0Jevya0kA0b

Attributes

Install_directory
%AppData%
install_file
XClient.exe

aes.plain

Extracted

Family

xworm

C2

127.0.0.1:64935

Attributes

Install_directory
%AppData%
install_file
XClient.exe

Targets

- Target
  
  XWorm.V5.3.Optimized.Bin.7z
- Size
  
  29.5MB
- MD5
  
  187b25b9e02c2b5d01a70d9d1855dd7c
- SHA1
  
  d0c7d39012ad0507239a3b060ea42cc13b22eb65
- SHA256
  
  f26803b764a54a90852b7fd274d5ced7a8a58f1715d3ab4b96900ad4f9dd0410
- SHA512
  
  bea5cec59d0ebee26a71c78dc38da47a25ea7932d119868caf82b5e4bbbcecd8969abea80ad41b65352f264ced33c457a041c0d9f321c272a8f913802ee254ed
- SSDEEP
  
  786432:ILW4dBG6KKNtxT6xewFcJbnYrFWNbqjnZ5M5od:3wT6xhqRsubq15bd
Score

10^/10

xworm agilenet discovery rat trojan
- Detect Xworm Payload
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- Xworm family
  xworm
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Obfuscated with Agile.Net obfuscator
  Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
  agilenet
- Uses the VBS compiler for execution
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Browser Information Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

agilenetstormkitty

behavioral1

xwormagilenetdiscoveryrattrojan

behavioral2

© 2018-2025

Terms | Privacy