xworm | 2aa4395a2484f92aa13f0a364ee8e128395f2fb785e0ab6eeff868f023950b89 | Triage

Sharing

General

Target

2aa4395a2484f92aa13f0a364ee8e128395f2fb785e0ab6eeff868f023950b89.exe
Size

37KB
Sample

250120-hfg63swnfs
MD5

0bb3afaca80dc8d2656758dfca76c634
SHA1

4acce37705831c3b49f00ee3386ff4e62e32f0c9
SHA256

2aa4395a2484f92aa13f0a364ee8e128395f2fb785e0ab6eeff868f023950b89
SHA512

02c4c326bd976f1b5e9ed1f8c9ba3e32eda7c71c95b2c21f90cea1e45d8384b7f15f458be020883bf99cda879647348fb1421196001154153009f31dfd9671d7
SSDEEP

768:hsuO5qBw/s6y7pxnm9uCOITbCsay5Q9lu0OzXh3Oh2MBCA:euuqu/shCu4bCsaJfpOLOBCA

Score

10^/10

xworm rat trojan

Malware Config

Extracted

Family

xworm

Mutex

zmيLاIJK8اRبes0C9caكلEueلبbxkي

Attributes

Install_directory
%Port%
install_file
MasonUSB.exe
telegram
https://api.telegram.org/bot7474113602:AAGqt9bHSTfEOJdVPdI2enh5mOP4yQm6bps/sendMessage?chat_id=7068745055

aes.plain

Targets

- Target
  
  2aa4395a2484f92aa13f0a364ee8e128395f2fb785e0ab6eeff868f023950b89.exe
- Size
  
  37KB
- MD5
  
  0bb3afaca80dc8d2656758dfca76c634
- SHA1
  
  4acce37705831c3b49f00ee3386ff4e62e32f0c9
- SHA256
  
  2aa4395a2484f92aa13f0a364ee8e128395f2fb785e0ab6eeff868f023950b89
- SHA512
  
  02c4c326bd976f1b5e9ed1f8c9ba3e32eda7c71c95b2c21f90cea1e45d8384b7f15f458be020883bf99cda879647348fb1421196001154153009f31dfd9671d7
- SSDEEP
  
  768:hsuO5qBw/s6y7pxnm9uCOITbCsay5Q9lu0OzXh3Oh2MBCA:euuqu/shCu4bCsaJfpOLOBCA
Score

10^/10

xworm rat trojan
- Detect Xworm Payload
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- Xworm family
  xworm
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2