xworm | 087f62458517a3fac322b3c8feb38959377bc1bbbee6174fbeb41b6c25a4499c | Triage

Sharing

General

Target

New.exe
Size

39KB
Sample

250121-v6sfysvmc1
MD5

b4d443314462b4df0dc8b7c33085b0a2
SHA1

7aa1bd73ba5ca27d97f0c714fdd86cfdd887304b
SHA256

087f62458517a3fac322b3c8feb38959377bc1bbbee6174fbeb41b6c25a4499c
SHA512

3184a175f7219c1253ce2cfadda36e9d50b2845802419b60da84175cb41096c85bdbe265665558d76a723e7286a4b5f99aaacf2fef5200aa0bc925ea23f38733
SSDEEP

768:8vuzg/d8wQCu6v6hCuuJf27P1fFWPG9/a6OOwhYjmbF:dz68wNhwCuuJfUFv9/a6OOwGSJ

Score

10^/10

xworm execution persistence rat trojan

Malware Config

Extracted

Family

xworm

Version

5.0

C2

46.146.46.81:7000:7000

46.146.46.81:7000

Mutex

FaNJqzJhSyTDj5Pr

Attributes

Install_directory
%AppData%
install_file
svchost.exe

aes.plain

Targets

- Target
  
  New.exe
- Size
  
  39KB
- MD5
  
  b4d443314462b4df0dc8b7c33085b0a2
- SHA1
  
  7aa1bd73ba5ca27d97f0c714fdd86cfdd887304b
- SHA256
  
  087f62458517a3fac322b3c8feb38959377bc1bbbee6174fbeb41b6c25a4499c
- SHA512
  
  3184a175f7219c1253ce2cfadda36e9d50b2845802419b60da84175cb41096c85bdbe265665558d76a723e7286a4b5f99aaacf2fef5200aa0bc925ea23f38733
- SSDEEP
  
  768:8vuzg/d8wQCu6v6hCuuJf27P1fFWPG9/a6OOwhYjmbF:dz68wNhwCuuJfUFv9/a6OOwGSJ
Score

10^/10

xworm execution persistence rat trojan
- Detect Xworm Payload
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- Xworm family
  xworm
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Drops startup file
- Executes dropped EXE
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Scheduled Task/Job

Scheduled Task

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xwormexecutionpersistencerattrojan