xworm | 20e2b2ac52fece55bde1a09841b9942a15943df542f566273e4a370ce4b06b6e | Triage

Sharing

General

Target

20e2b2ac52fece55bde1a09841b9942a15943df542f566273e4a370ce4b06b6eN.exe
Size

37KB
Sample

250120-jam1tayldl
MD5

7019dd15694b94a720ae4c44f8295110
SHA1

8cd76d9947355abcef281ac4f9f431f5fd4eeb7a
SHA256

20e2b2ac52fece55bde1a09841b9942a15943df542f566273e4a370ce4b06b6e
SHA512

39f395db825c59de0f919c8a58767ad46899af3ed85408aa400dd642f1814c26a976446b0ef04bc9ada2ebb92e9580c4be02932643c5b1f0d355773392991cc5
SSDEEP

768:hsuO5qBw/s6y7pxnm9uCOITbCsay5Q9lu0OzXh3Oh2MBC:euuqu/shCu4bCsaJfpOLOBC

Score

10^/10

xworm rat trojan

Malware Config

Extracted

Family

xworm

Mutex

zmيLاIJK8اRبes0C9caكلEueلبbxkي

Attributes

Install_directory
%Port%
install_file
MasonUSB.exe
telegram
https://api.telegram.org/bot7474113602:AAGqt9bHSTfEOJdVPdI2enh5mOP4yQm6bps/sendMessage?chat_id=7068745055

aes.plain

Targets

- Target
  
  20e2b2ac52fece55bde1a09841b9942a15943df542f566273e4a370ce4b06b6eN.exe
- Size
  
  37KB
- MD5
  
  7019dd15694b94a720ae4c44f8295110
- SHA1
  
  8cd76d9947355abcef281ac4f9f431f5fd4eeb7a
- SHA256
  
  20e2b2ac52fece55bde1a09841b9942a15943df542f566273e4a370ce4b06b6e
- SHA512
  
  39f395db825c59de0f919c8a58767ad46899af3ed85408aa400dd642f1814c26a976446b0ef04bc9ada2ebb92e9580c4be02932643c5b1f0d355773392991cc5
- SSDEEP
  
  768:hsuO5qBw/s6y7pxnm9uCOITbCsay5Q9lu0OzXh3Oh2MBC:euuqu/shCu4bCsaJfpOLOBC
Score

10^/10

xworm rat trojan
- Detect Xworm Payload
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- Xworm family
  xworm
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2