xworm | 47d0ceb844938cc8c28168f069f45461e5f0d670205fef7d092a41704ae416f0 | Triage

Sharing

General

Target

adsav.exe
Size

55KB
Sample

250119-1tnj5aykbn
MD5

80c7ba2da4987600d1e9008265aafb0d
SHA1

4712783a6004912fd4cedd71e9f60a0ddd03b6d0
SHA256

47d0ceb844938cc8c28168f069f45461e5f0d670205fef7d092a41704ae416f0
SHA512

fbefdc6b3f2d6669c1382ebad364d96e9561c40d561e6d9d9a1d50e331d54c72d7fd3602f8f9e2824a43ee11e20bd0d15f2dc80fef27fe840618c0b2c6c31317
SSDEEP

768:h2GgkY5J4Z3LSPQVrHO46v/qNo/ORG7CAXORF72pC+beeM2cSj428lDADOcLeh+E:hLEv/6om47OR92k+bVRcSESO7gJXG

Score

10^/10

xworm persistence rat trojan

Malware Config

Extracted

Family

xworm

C2

127.0.0.1:58981

147.185.221.24:58981

Attributes

Install_directory
%AppData%
install_file
Update.exe

Targets

- Target
  
  adsav.exe
- Size
  
  55KB
- MD5
  
  80c7ba2da4987600d1e9008265aafb0d
- SHA1
  
  4712783a6004912fd4cedd71e9f60a0ddd03b6d0
- SHA256
  
  47d0ceb844938cc8c28168f069f45461e5f0d670205fef7d092a41704ae416f0
- SHA512
  
  fbefdc6b3f2d6669c1382ebad364d96e9561c40d561e6d9d9a1d50e331d54c72d7fd3602f8f9e2824a43ee11e20bd0d15f2dc80fef27fe840618c0b2c6c31317
- SSDEEP
  
  768:h2GgkY5J4Z3LSPQVrHO46v/qNo/ORG7CAXORF72pC+beeM2cSj428lDADOcLeh+E:hLEv/6om47OR92k+bVRcSESO7gJXG
Score

10^/10

xworm persistence rat trojan
- Detect Xworm Payload
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- Xworm family
  xworm
- Drops startup file
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xwormpersistencerattrojan