xworm | e9f13171bfd91a86ed53ac962dc382c975ec6f9287e5a0388f9a5e9df4476e8f | Triage

Sharing

General

Target

CokeSense Beta.exe
Size

237KB
Sample

250125-zj4mxs1mhk
MD5

d80cf9d4594b6517813ad887bcd9df4a
SHA1

53f4e025d721c2aea3ef5b7fc59264e19cc3dac3
SHA256

e9f13171bfd91a86ed53ac962dc382c975ec6f9287e5a0388f9a5e9df4476e8f
SHA512

7eeedf423dbcf3a4107b271de339d9c825f703464fb88303ddaff2f4afeeb687330d8abd62e077fb79c58cd167a326783e6050e1b11ba1a7cc93e01272dbddf0
SSDEEP

6144:udbSbGGqRPOUhcX7elbKTua9bfF/H9d9n:UbRGsO3X3u+

Score

10^/10

xworm persistence rat trojan

Malware Config

Extracted

Family

xworm

C2

127.0.0.1:7676

Attributes

Install_directory
%Userprofile%
install_file
Startup.exe

Targets

- Target
  
  CokeSense Beta.exe
- Size
  
  237KB
- MD5
  
  d80cf9d4594b6517813ad887bcd9df4a
- SHA1
  
  53f4e025d721c2aea3ef5b7fc59264e19cc3dac3
- SHA256
  
  e9f13171bfd91a86ed53ac962dc382c975ec6f9287e5a0388f9a5e9df4476e8f
- SHA512
  
  7eeedf423dbcf3a4107b271de339d9c825f703464fb88303ddaff2f4afeeb687330d8abd62e077fb79c58cd167a326783e6050e1b11ba1a7cc93e01272dbddf0
- SSDEEP
  
  6144:udbSbGGqRPOUhcX7elbKTua9bfF/H9d9n:UbRGsO3X3u+
Score

10^/10

xworm persistence rat trojan
- Detect Xworm Payload
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- Xworm family
  xworm
- Drops startup file
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xwormpersistencerattrojan