xworm | e17cee2ea6241540d5587ba18bc37d66bd7098b348f7e4e652ba614550520ef2 | Triage

Sharing

General

Target

92.255.57.155.ps1
Size

151KB
Sample

250124-lba4ra1ndv
MD5

783f7905ed7e683c128c1e484cffbf63
SHA1

9d01f9ebfab037db4357d077b7284cf1edbce853
SHA256

e17cee2ea6241540d5587ba18bc37d66bd7098b348f7e4e652ba614550520ef2
SHA512

e5840308d51d162b0f1ae3e59d013d55e0aaf2381911ae5ee6246641a5f157e13f07eb87e52d2e327ac590f532fb32584e64ba82cabd3645c36debd5c4b0e55c
SSDEEP

3072:SB7VzghaUYePuBkEx9W2a4OlnlMDFQ9vBzAqx9aKVo6sQ4aR6H:SB5VePtS9W2a4OlnlMp4PVsQ4i6H

Score

10^/10

xworm discovery execution rat trojan

Malware Config

Extracted

Family

xworm

C2

92.255.57.155:4411

Attributes

install_file
USB.exe

Targets

- Target
  
  92.255.57.155.ps1
- Size
  
  151KB
- MD5
  
  783f7905ed7e683c128c1e484cffbf63
- SHA1
  
  9d01f9ebfab037db4357d077b7284cf1edbce853
- SHA256
  
  e17cee2ea6241540d5587ba18bc37d66bd7098b348f7e4e652ba614550520ef2
- SHA512
  
  e5840308d51d162b0f1ae3e59d013d55e0aaf2381911ae5ee6246641a5f157e13f07eb87e52d2e327ac590f532fb32584e64ba82cabd3645c36debd5c4b0e55c
- SSDEEP
  
  3072:SB7VzghaUYePuBkEx9W2a4OlnlMDFQ9vBzAqx9aKVo6sQ4aR6H:SB5VePtS9W2a4OlnlMp4PVsQ4i6H
Score

10^/10

execution xworm discovery rat trojan
- Detect Xworm Payload
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- Xworm family
  xworm
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

xwormdiscoveryexecutionrattrojan