xworm | 4bcc85712b15132783ec43ba4f34f528f1a0dc9b3a62328fb15eefeebfb53820 | Triage

Sharing

General

Target

WaveCrack_Setup.exe
Size

40KB
Sample

250119-pxkf4aylck
MD5

8287a8adc30dc0247fe326b7911915c1
SHA1

86cb67ef4c3b5050388d55a52fc6c12eb719e5f2
SHA256

4bcc85712b15132783ec43ba4f34f528f1a0dc9b3a62328fb15eefeebfb53820
SHA512

4e8a3debc0bdb01ae1c93a0cb6840b0f19c2a84637d2624d680a638707ae96e89488539a342ca79e93bdfb1fb539a627c61c98aea0992659dfd2915d9129e565
SSDEEP

384:5a1UqqyHfBXyhCTTTG/8VpPyJLZXHhamSPLZHI1t9lD4/PKANR2uiQHpkFMAIiLQ:NyMEvPE+1Z4ADNULNFr9eFqO+hn6px

Score

10^/10

xworm rat trojan

Malware Config

Extracted

Family

xworm

Version

5.0

Mutex

sOB91tZbixBC7RKs

Attributes

Install_directory
%AppData%
install_file
XClient.exe
pastebin_url
https://pastebin.com/raw/ay20NBKe

aes.plain

Targets

- Target
  
  WaveCrack_Setup.exe
- Size
  
  40KB
- MD5
  
  8287a8adc30dc0247fe326b7911915c1
- SHA1
  
  86cb67ef4c3b5050388d55a52fc6c12eb719e5f2
- SHA256
  
  4bcc85712b15132783ec43ba4f34f528f1a0dc9b3a62328fb15eefeebfb53820
- SHA512
  
  4e8a3debc0bdb01ae1c93a0cb6840b0f19c2a84637d2624d680a638707ae96e89488539a342ca79e93bdfb1fb539a627c61c98aea0992659dfd2915d9129e565
- SSDEEP
  
  384:5a1UqqyHfBXyhCTTTG/8VpPyJLZXHhamSPLZHI1t9lD4/PKANR2uiQHpkFMAIiLQ:NyMEvPE+1Z4ADNULNFr9eFqO+hn6px
Score

10^/10

xworm rat trojan
- Detect Xworm Payload
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- Xworm family
  xworm
- Drops startup file
- Legitimate hosting services abused for malware hosting/C2
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1