xworm | 5de6fc51288473b4d652bc281af2bac6d8a5b3795d12d63fb8b50e08d5294ebb | Triage

Resubmissions

24-01-2025 12:21

250124-pjmz3azkaq 6

24-01-2025 12:20

250124-ph5hqazjhk 10

24-01-2025 12:01

250124-n62lasyndm 4

24-01-2025 12:00

250124-n6gwwsxmas 10

24-01-2025 11:33

250124-npc7dawpay 5

24-01-2025 11:20

250124-nfkvvsxlan 10

Sharing

General

Target

RuhsatBelgesi12ACE575 FORDKUNGA.rar
Size

547KB
Sample

250124-nfkvvsxlan
MD5

7bca6bb94ae289df7f4e93af463f4baa
SHA1

919fbc6a305b54ae7d95179e5737dcfa7632fe13
SHA256

5de6fc51288473b4d652bc281af2bac6d8a5b3795d12d63fb8b50e08d5294ebb
SHA512

dad2d0b9c73060aa3e65a62e264c12430654754a0681119b816db705c25e6d385d0a55f97b3d0ea53edaf98701ddb338c64bf123243cb83d4a48dcb060711e68
SSDEEP

12288:xAiQsro08VCJ3hr0Duo1KdTZXltaaVGIq:x3roRVm3uDd1KzVGIq

Score

10^/10

xworm discovery execution rat trojan

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

http://45.32.153.7/filezilla/ftp/htp/xd/yk/zp/XClient.exe

Extracted

Family

xworm

Version

5.0

C2

45.32.153.7:7005

127.0.0.1:7005

Mutex

1BGj20FVtOyvp4A2

Attributes

install_file
USB.exe

aes.plain

Targets

- Target
  
  RuhsatBelgesi12ACE575 FORDKUNGA.bat
- Size
  
  1KB
- MD5
  
  be7fa3571d22850513b226ec24eef667
- SHA1
  
  4329266e1030c80af32a87387aa08afa1982ca8b
- SHA256
  
  83ac2825a5a6f97df1268c60d014182ed4be1c0088de5a8b9527a68556354570
- SHA512
  
  34e46f4a7318e1dd24909d139dd1c76b2b31f4ce1bcb4ee4a6c692d0fcbe45cfdb1a487a16d1242a536c44aaf8f3656981a0026d143e71bf951270774a067b0f
Score

10^/10

xworm discovery execution rat trojan
- Detect Xworm Payload
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- Xworm family
  xworm
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Downloads MZ/PE file
- Executes dropped EXE
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

System Network Connections Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xwormdiscoveryexecutionrattrojan