xworm | 431813aa35747973b7eff070eee566c7e5426421ef5b18211bd429b5a9c80be7 | Triage

Sharing

General

Target

f43b5b30fcef8c10473fd401e3f0ffaa.zip
Size

1.3MB
Sample

250121-vbvylatkbt
MD5

f43b5b30fcef8c10473fd401e3f0ffaa
SHA1

1d39b182f9e04a7768f8cd7f6b973b72f3af3f30
SHA256

431813aa35747973b7eff070eee566c7e5426421ef5b18211bd429b5a9c80be7
SHA512

7cad0d81649e79203fbc7d6c6c88f7baecd904b2eacbad4db17793c8cdb7813d1e70d5393baa4168ae3cdfd96f88896c9eaeafbcf629124fc52f473f7d82cbc6
SSDEEP

24576:3h0ifAGi4PpPMmsAPTW6wLlhpSeE38IaKI9yN8V1j9gR5vFnpn9Ok7W8lYG2d6p:R0xGi4K7j7pzSOKXN81jExFDjc6p

Score

10^/10

xworm discovery persistence rat trojan

Malware Config

Extracted

Family

xworm

Version

5.0

C2

87.120.116.179:1300

Mutex

zblponSmvy85yKpQ

Attributes

install_file
USB.exe

aes.plain

Targets

- Target
  
  AMORTIZACIÓN BANCARIA.exe
- Size
  
  2.5MB
- MD5
  
  7360bb6297d84ae2464be5a28dbf66c9
- SHA1
  
  7be0c4b196d52f98687d585e3b3f39b3ae5d9cdb
- SHA256
  
  6ac528d67fa33fd955d13d6de332f68d924459e0c98ca9e1b2676258b1d63bfa
- SHA512
  
  0f08d4eb8a414d5abc6db20d02b458668574614b16a075c290590f40d074e3b995cae105fb0a4b013f29852d76e41b3cec75aed7f4b6fd8d5c5a49e0779b7842
- SSDEEP
  
  49152:p5zkILuBjGAldgwTWrkACPNtRfKPO3nKKtdpmYXRS4tlRz:rvLcSAbfTmkAC7RD3nTdprRlRz
Score

10^/10

xworm discovery persistence rat trojan
- Detect Xworm Payload
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- Xworm family
  xworm
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xwormdiscoverypersistencerattrojan

behavioral2

xwormdiscoverypersistencerattrojan