xworm | 15a1e3ff21bfe98291ab12df7d3586f9de3463ef56a7a5265b63fb45275da450 | Triage

Sharing

General

Target

XClient.exe
Size

30KB
Sample

250118-t4nvbaxrcv
MD5

4662ec44c2d58c3e5f1ed9084c48536b
SHA1

5bfd776442f075d9bf36eab5e9a687446cbb0ae5
SHA256

15a1e3ff21bfe98291ab12df7d3586f9de3463ef56a7a5265b63fb45275da450
SHA512

9c4906e5282a48216af6eac6683e4d2b0962b58320ede06a5e3bac07f375116459545d70e29ca0c6c3893ab4b088d93d8ba51999cd7f272496f661311933e6f7
SSDEEP

768:ZrgECfLH8MYAoR/iw2uBFE9RAKcOqhEbU:dgRUiw24FE9RAKcOqGI

Score

10^/10

xworm rat trojan

Malware Config

Extracted

Family

xworm

Version

3.1

C2

5.tcp.eu.ngrok.io:19645

Mutex

4Oje8OMYMsrnJABB

Attributes

install_file
USB.exe

aes.plain

Targets

- Target
  
  XClient.exe
- Size
  
  30KB
- MD5
  
  4662ec44c2d58c3e5f1ed9084c48536b
- SHA1
  
  5bfd776442f075d9bf36eab5e9a687446cbb0ae5
- SHA256
  
  15a1e3ff21bfe98291ab12df7d3586f9de3463ef56a7a5265b63fb45275da450
- SHA512
  
  9c4906e5282a48216af6eac6683e4d2b0962b58320ede06a5e3bac07f375116459545d70e29ca0c6c3893ab4b088d93d8ba51999cd7f272496f661311933e6f7
- SSDEEP
  
  768:ZrgECfLH8MYAoR/iw2uBFE9RAKcOqhEbU:dgRUiw24FE9RAKcOqGI
Score

10^/10

xworm rat trojan
- Detect Xworm Payload
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- Xworm family
  xworm
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2