xworm | bf9aa92f6d38bac626f8063ea8842431ca0c920b919a37e7cac502a86b16b0b9 | Triage

Sharing

General

Target

bf9aa92f6d38bac626f8063ea8842431ca0c920b919a37e7cac502a86b16b0b9.ps1
Size

197KB
Sample

250119-efa6zsvjev
MD5

e124157225a59d8e04e4599a5c85b189
SHA1

cded47561dfb19922075c42db778ab9a7c0b0ed4
SHA256

bf9aa92f6d38bac626f8063ea8842431ca0c920b919a37e7cac502a86b16b0b9
SHA512

9d50cb8d58d36d772344902649dbbe39540116111e000c0b58e529756bd1bb85e38c1254cc090b41a7d02bd7cb7bfb54e34d0c295c586993c83b2186f997e73e
SSDEEP

6144:T3NC3EKsyh4ciFTdTM2JiW0tDCfQHsQIOGL81wk5q+l5QhYUSX1AcbdxXSFcmfy:TLK0y

Score

10^/10

xworm discovery execution rat trojan

Malware Config

Extracted

Family

xworm

C2

85.209.11.15:4404

Attributes

install_file
USB.exe

Targets

- Target
  
  bf9aa92f6d38bac626f8063ea8842431ca0c920b919a37e7cac502a86b16b0b9.ps1
- Size
  
  197KB
- MD5
  
  e124157225a59d8e04e4599a5c85b189
- SHA1
  
  cded47561dfb19922075c42db778ab9a7c0b0ed4
- SHA256
  
  bf9aa92f6d38bac626f8063ea8842431ca0c920b919a37e7cac502a86b16b0b9
- SHA512
  
  9d50cb8d58d36d772344902649dbbe39540116111e000c0b58e529756bd1bb85e38c1254cc090b41a7d02bd7cb7bfb54e34d0c295c586993c83b2186f997e73e
- SSDEEP
  
  6144:T3NC3EKsyh4ciFTdTM2JiW0tDCfQHsQIOGL81wk5q+l5QhYUSX1AcbdxXSFcmfy:TLK0y
Score

10^/10

execution xworm discovery rat trojan
- Detect Xworm Payload
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- Xworm family
  xworm
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

xwormdiscoveryexecutionrattrojan