xworm | 56cdb12de6a7c58f2c6a11c3cac753cdea860ce37c8ff08c172d8151c29f6bdc | Triage

Sharing

General

Target

11XClient.exe
Size

39KB
Sample

250124-w4eyhs1qbs
MD5

296a700a8f29a25171ba2178e75ec360
SHA1

9be9efc16e69b069122aadccc84771c8102f4e84
SHA256

56cdb12de6a7c58f2c6a11c3cac753cdea860ce37c8ff08c172d8151c29f6bdc
SHA512

47028edbd49bdcbaee1923a5e5b91532b94c7b2598275dedf9539bbf134ee70eceec36fed233e982e21b622a5a07e54d534444de89c69a7460c7237fa79f66d2
SSDEEP

768:LpbQys8WnicWVfT0qW5DjkNpnCQQ7FWPa9nEAOwhBaO8Q:LxY8WniZVfQR5/Fv9nJOw7T8Q

Score

10^/10

xworm persistence rat trojan

Malware Config

Extracted

Family

xworm

Version

5.0

C2

jenoks-52356.portmap.host:3675

Mutex

osXgwikr6yf5nRvn

Attributes

Install_directory
%AppData%
install_file
winconfig.exe

aes.plain

Targets

- Target
  
  11XClient.exe
- Size
  
  39KB
- MD5
  
  296a700a8f29a25171ba2178e75ec360
- SHA1
  
  9be9efc16e69b069122aadccc84771c8102f4e84
- SHA256
  
  56cdb12de6a7c58f2c6a11c3cac753cdea860ce37c8ff08c172d8151c29f6bdc
- SHA512
  
  47028edbd49bdcbaee1923a5e5b91532b94c7b2598275dedf9539bbf134ee70eceec36fed233e982e21b622a5a07e54d534444de89c69a7460c7237fa79f66d2
- SSDEEP
  
  768:LpbQys8WnicWVfT0qW5DjkNpnCQQ7FWPa9nEAOwhBaO8Q:LxY8WniZVfQR5/Fv9nJOw7T8Q
Score

10^/10

xworm persistence rat trojan
- Detect Xworm Payload
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- Xworm family
  xworm
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xwormpersistencerattrojan