stormkitty | d85a5c0fecaca2bea8850f166dd29dcbc4e007ab34ee7d8ec4a37d80368c1767 | Triage

Submit
Reports

Overview

overview

Static

static

XWorm_V5.6.rar

windows11-21h2-x64

Sharing

General

Target

XWorm_V5.6.rar
Size

22.7MB
Sample

250122-a4v4vaznep
MD5

0ba35875f8c027f4e5e2b3026d6e77f0
SHA1

94343c17f309dfe58424610cc3907213cfd75c65
SHA256

d85a5c0fecaca2bea8850f166dd29dcbc4e007ab34ee7d8ec4a37d80368c1767
SHA512

ff425f0f70dadf1ea52fcad7024c31e7e1f4504eb01e12aa3c7f7d73199b6c43ac09495bb4f9801d77eaf34ad14928d9cb30b25536d31a1221384e5f7e275225
SSDEEP

393216:XQF38cJlfLW9VdrlB09QCOJnyodRh8IGMryjJ28AeqzquS69S6Vr1M8h6vcQavYQ:XO38Kf6VdrqQCcCMryjJCe4quZE6VxYm

Score

10^/10

stormkitty xworm execution rat trojan

Static task

static1

stormkitty xworm

7 signatures

Behavioral task

behavioral1

Sample

XWorm_V5.6.rar

Resource

win11-20241007-en

xworm execution rat trojan

windows11-21h2-x64

18 signatures

300 seconds

Malware Config

Targets

- Target
  
  XWorm_V5.6.rar
- Size
  
  22.7MB
- MD5
  
  0ba35875f8c027f4e5e2b3026d6e77f0
- SHA1
  
  94343c17f309dfe58424610cc3907213cfd75c65
- SHA256
  
  d85a5c0fecaca2bea8850f166dd29dcbc4e007ab34ee7d8ec4a37d80368c1767
- SHA512
  
  ff425f0f70dadf1ea52fcad7024c31e7e1f4504eb01e12aa3c7f7d73199b6c43ac09495bb4f9801d77eaf34ad14928d9cb30b25536d31a1221384e5f7e275225
- SSDEEP
  
  393216:XQF38cJlfLW9VdrlB09QCOJnyodRh8IGMryjJ28AeqzquS69S6Vr1M8h6vcQavYQ:XO38Kf6VdrqQCcCMryjJCe4quZE6VxYm
Score

10^/10

xworm execution rat trojan
- Detect Xworm Payload
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- Xworm family
  xworm
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- .NET Reactor proctector
  Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.
- Executes dropped EXE
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

stormkittyxworm

behavioral1

xwormexecutionrattrojan

© 2018-2025

Terms | Privacy