stormkitty | 95836339b5940c5470c1362edf291941507adaf6a59bb1827b054cd85ca753b8

Resubmissions

26/01/2025, 22:14

250126-154qgswnet 10

26/01/2025, 22:10

250126-13tgqsxnaj 10

Sharing

Copy URL

Twitter E-mail

General

Target

XWorm V5.6.rar
Size

20.9MB
Sample

250126-154qgswnet
MD5

c4a971e4db488afd8b8a4c3946a2f726
SHA1

0e5d39de2ff550deff505bb6230d2a84b4285e7c
SHA256

95836339b5940c5470c1362edf291941507adaf6a59bb1827b054cd85ca753b8
SHA512

d6ec0af5f6c9dd82ef6a4e1d24c11f84bd7191aa709171e60c621272a5f7a44f5fce1e78d4a3a7818acaca2706adf09fec07b0ae151ecc055f9d6056acb532dc
SSDEEP

393216:KV08kfP8p7e6Db/IPipIxzoBJYFB7SiEfJPBA+XVGVr45yxRxmduoM7:KG8QP8p7bjzAzoBJ07SiEfnxlk85ytCi

Score

10^/10

Malware Config

Extracted

Family

xworm

Version

5.0

127.0.0.1:7000

Mutex

HnKkfiGA2h0fSkyW

Attributes

install_file
USB.exe

aes.plain

Targets

- Target
  
  XWorm V5.6.rar
- Size
  
  20.9MB
- MD5
  
  c4a971e4db488afd8b8a4c3946a2f726
- SHA1
  
  0e5d39de2ff550deff505bb6230d2a84b4285e7c
- SHA256
  
  95836339b5940c5470c1362edf291941507adaf6a59bb1827b054cd85ca753b8
- SHA512
  
  d6ec0af5f6c9dd82ef6a4e1d24c11f84bd7191aa709171e60c621272a5f7a44f5fce1e78d4a3a7818acaca2706adf09fec07b0ae151ecc055f9d6056acb532dc
- SSDEEP
  
  393216:KV08kfP8p7e6Db/IPipIxzoBJYFB7SiEfJPBA+XVGVr45yxRxmduoM7:KG8QP8p7bjzAzoBJ07SiEfnxlk85ytCi
Score

10^/10

xworm persistence privilege_escalation rat trojan
- Detect Xworm Payload
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- Xworm family
  xworm
- Executes dropped EXE
- Uses the VBS compiler for execution
behavioral1 behavioral2
- Target
  
  XWorm V5.6/RES/XWorm.MBox.resources
- Size
  
  107KB
- MD5
  
  ffbc6e01f688097960937446350eb01d
- SHA1
  
  6753b872c838f2439e91fbab20671cdcd7bc3d1e
- SHA256
  
  a2a724d05f289fe51f6a3639937c460764ee42935c6eddbd5f7cc7ab6d26954a
- SHA512
  
  2cfa07a45ed9b8547a9ca303d66a71c943f1723fcd692d9d8f5f20f6ce9671e5e5f11bbb2ba7d6e41a27806bbbb7ecfd2f7e7d37af5420aa3c68b0f64dc9c6fa
- SSDEEP
  
  768:hFGla/np/wpRGZPdKOqoJLTapjappD+2f:jDfd3ckHjf
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  XWorm V5.6/RES/XWorm.MIC.resources
- Size
  
  119KB
- MD5
  
  d079b64991e7ae90dcb355f1036831cf
- SHA1
  
  980f639c4e3db7cea44ab28e40ccdd2c728ee179
- SHA256
  
  aa4f13af48d1d3b3735a732e90163e6d302fe33a8f0041933dc76427f099aece
- SHA512
  
  e6e5e21438d7b60eb9f7b6d8cc9e2a672e15dd5af2cecdfbc63dfce8e371982abbb951ce052e731daec9c86f356af54e81623dc7e72ff36a802907345d52f6b1
- SSDEEP
  
  768:moZmmittmc9ik83EavHr/QS99wkwcMPliv+j4bctbK:5etYOC3lvHr/39Kcki2jAMbK
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  XWorm V5.6/RES/XWorm.Main.resources
- Size
  
  1.8MB
- MD5
  
  8d7f5438261b974eaf34287253799b87
- SHA1
  
  086e994fa1ce12ebeba3c134ec9af69244e8c2e0
- SHA256
  
  35a6f657c6d1db902ff3fbb3149e629acbf926c7c244bbce502c0b65cd2c536d
- SHA512
  
  2e33671bf500e8a3727181e14cea8be2d4f77d4422720710056676ce4f8e6b4b2b3a9f38a0713750e7363c52af097ebb5c489c45d46c5627236d6afc81e67f67
- SSDEEP
  
  24576:nm8179dddddNjYkDTFKlDy/Y3BZabuwVAeNgFfWN:nm815ddddde+MlDyg3BZaSI
Score

3^/10

discovery
behavioral7 behavioral8
- Target
  
  XWorm V5.6/RES/XWorm.Maps.resources
- Size
  
  140KB
- MD5
  
  ed0eb94f77f681a3600539bb9a6cb6f5
- SHA1
  
  b176e3455cd0224448e9d9b4b015789c794d8b06
- SHA256
  
  f690fd15ad3c3150a48fd33962b44ec118bb3f9b210f0d0b27e3ee83420c73f4
- SHA512
  
  8e097d3d8617043419154821d9721bd4f7e16f12a19f7e8873c8086872540c61e4d932e43515573eac08372a243c0ead855ebfe5488a1e6e53142c44cbb5eebb
- SSDEEP
  
  1536:jjbwDfOmcgfteiMWWZoSp9wmLZoSp9wmT:nSfO0tkZAMZAA
Score

3^/10

discovery
behavioral10 behavioral9
- Target
  
  XWorm V5.6/RES/XWorm.Performance.resources
- Size
  
  106KB
- MD5
  
  4c7233c83c2f749762fa0e000021e5e3
- SHA1
  
  9b1a4826da8279f52aae9cf29570dd2679ada1bb
- SHA256
  
  16ea3b81c6f9ad74d27c621f0b8485929dcbe293435b151124c388aa66f09c52
- SHA512
  
  0f9b830fb139173f321a78b32b3166271cd5345df85b63b2a797e38cf3fa441715cc648e89768bf12bcdfcdb621273eb53b62d6fd66f5cabf6b8c40d3474174f
- SSDEEP
  
  1536:LcP/zyxY/FVGJ+j+chraMRNPnLRhtAN4RRH9nl85gi:yyu/FVG8jbraMRDA
Score

3^/10

discovery
behavioral11 behavioral12
- Target
  
  XWorm V5.6/RES/XWorm.Port.resources
- Size
  
  139KB
- MD5
  
  faf23924f3c859e9d570109d930928e1
- SHA1
  
  6003549ef256bac573ff809a9a5d967b8106f9ab
- SHA256
  
  bd3da4a9c29cb564c774bd8b8c0b79078f09b037cf2f3a8fa2566648f68a012c
- SHA512
  
  227f0c0245ff48955a1ba95fcae513237c1d4f548ccba955c4b26a633e7330a312fcdea474dc87f2847b51a3694427f5227f60a77dd5168760cf28b770ee3fd3
- SSDEEP
  
  1536:wi2AP+ew+ksEvCwVwLM+uvpIVyXJyozbGyMqmyVttdGFQeOPigp3dIHyYNSL:2A2ewhLapuvpAsZOyMqmyBeYVYi
Score

3^/10

discovery
behavioral13 behavioral14
- Target
  
  XWorm V5.6/RES/XWorm.ProcessV.resources
- Size
  
  67KB
- MD5
  
  abfd25fb3ace375c63f8e9cd4ecff32c
- SHA1
  
  d7b7f30bd62e17e1da6bad889b9f77d93c795039
- SHA256
  
  1e1b3bd4c4dfe056edf30fba8d6bbf94665e9bcf936ab06db79213e8b400b61f
- SHA512
  
  d8c0546d1ee9a35a7b8a3b9304ad63794b1e71d014f8c45145b60343f8140457a8711065f7a2aa87e68e1d564a45171425adab9b83adbe9491afe065d990fe0a
- SSDEEP
  
  1536:io7ETH1QatyHkrVOceYM4pjq9bTQPmbYakBxBW/7jpYaGs:VYLe7HkrVOilyTaxw7jpY7s
Score

3^/10

discovery
behavioral15 behavioral16
- Target
  
  XWorm V5.6/RES/XWorm.Programs.resources
- Size
  
  164KB
- MD5
  
  9f05c761cba903361771cea155ede6fb
- SHA1
  
  af0311816e6f1315bf29e5a42ac3d75adf71d115
- SHA256
  
  55c19900015145bee8c83f27ca58032550871a92047abf6166dbf547b6afa505
- SHA512
  
  d4e049c341deeb7376e7def96e071808c9e04e085171b46af7f7096f52cf4288df19d3c2aa2c87816a6eaf5feb3f2257bd58e93f582498ad8e4fd4bcc652859c
- SSDEEP
  
  3072:XfH6ZxP8NJAceI82I98CBCYLe7HkrVOiqyTaxw7jpY7s:XfH6ZxP8NJAceI82I98CBebq9TW7s
Score

3^/10

discovery
behavioral17 behavioral18
- Target
  
  XWorm V5.6/RES/XWorm.Proxy.resources
- Size
  
  108KB
- MD5
  
  d6e648329cd1473e66a01a9402e907d7
- SHA1
  
  ebe34259546be5638bde8ae75f96d6f70e3da62b
- SHA256
  
  ee84fb0146a0a7e6bb8506159eaf12fc2888ae87b0553e1cb031e044830584dc
- SHA512
  
  0d44e33084f163b0d56798ace44294825fd76478acf303ca03bbdf6dfa286cf8cd0677c50fc1a422073ec7498d13aeeaebfb89b1a4eefd55dd010c6c23c1a7ec
- SSDEEP
  
  768:+SEnnnXXXXHXXX/fffbyuyuyuyonnny/vXH/zLHvEppicZXvZZHf+m:+SEnnnHXXX/fff3nnny///zLHv6JZ/D
Score

3^/10

discovery
behavioral19 behavioral20
- Target
  
  XWorm V5.6/RES/XWorm.Ransomware.resources
- Size
  
  101KB
- MD5
  
  c653b8b3f18eb2a2882c2f3905b2380a
- SHA1
  
  62235a88bc833fe7a41c9da2e5766306a026e144
- SHA256
  
  bcea581804fc0d0e1d66c76a47f9b7bd40b81578bff0241bb4155a0c67486a46
- SHA512
  
  a01927f5a4f3b1d838919074c42125d60d6e50af3e876bf614f0dd264627234973ba4b642f30040332c328587340be82f6057a5130baa0d79851fede67069a4c
- SSDEEP
  
  384:r0vwtokwOdwq6upS9LvgUuYkYezHbMTb7+JZf5NXJAdDzMwA6jp:Y9XuYkYez67+JZ58zf
Score

3^/10

discovery
behavioral21 behavioral22
- Target
  
  XWorm V5.6/RES/XWorm.Registry.resources
- Size
  
  169KB
- MD5
  
  d098b950169502933b9ef1f417f25172
- SHA1
  
  8f40b86fa8a986588788676ecdcad5bf55c586d7
- SHA256
  
  ce34680ff2984c6c4766889684a358358711d2cdf3171813ff768d7f1c9c53de
- SHA512
  
  4a38f88db6a585d6a47e6da36ac8aceb15825453e5ff4804b2943be9e4053fb85206e473115e72a86c4b0c2d13fa9a1ae18ed7d96b52edd050e7e918fed33317
- SSDEEP
  
  1536:6s67ETH1QatyHkrVOceYMa7ETH1QatyHkrVOceYMJ:6NYLe7HkrVOipYLe7HkrVOi8
Score

3^/10

discovery
behavioral23 behavioral24
- Target
  
  XWorm V5.6/RES/XWorm.RemoteDesktop.resources
- Size
  
  99KB
- MD5
  
  0f5fc0694c9d76a6fd5b7e4158fd03e3
- SHA1
  
  aa7eb852f5743e456e5737ca25e7b75ca7349b42
- SHA256
  
  1dc136b225528fe4ee8020f46aa549e4bbdd76493d0579b6c1837d10acc3ba13
- SHA512
  
  af3c1ff80a247ac8ee6440ff4410460603430f24557dce392b90961b77a2d978b6b75a9a606ca433ce16cc565d07c2b5fc41413c1229147194b24bbc1869c67a
- SSDEEP
  
  384:rkvwKwq6uD0hAAAgAAAgAAAgAAAliIGzl8nnnJP5JJJJRetmJJJJ5gCnnnsjBy:rDnzly
Score

3^/10

discovery
behavioral25 behavioral26
- Target
  
  XWorm V5.6/RES/XWorm.Resources.resources
- Size
  
  1.6MB
- MD5
  
  34986e38b463873af40f694874c1f6d3
- SHA1
  
  8fa89cdb7a394cf8093d548ca9db4652c703ee72
- SHA256
  
  557058bd29a5eb55ef073ea9c4dec0baea1fd3f3f4bf2cdd5ee3dfd33735e93a
- SHA512
  
  c1b0278e8c21e5c28204f692a5cf5ed16c8ada0c6022d7d38e70905255f3aeb5d2c0fd4549f0ed19ead52aa0ced891a8f9372123bf5e1710be004958750874e4
- SSDEEP
  
  49152:OsP2WTJcLsk9Pk6gAK6BN2NQUe+ErnuVqjNhHXH:zuWTGLP9Pk6gAK6n4ldyNh3
Score

1^/10
behavioral27 behavioral28
- Target
  
  XWorm V5.6/RES/XWorm.RunPE.resources
- Size
  
  103KB
- MD5
  
  147c16f102addfdd7b756b8ee1558b82
- SHA1
  
  e9aa9624bb96d369aa905d14e03db625d17d00f6
- SHA256
  
  823554153d20aabf65c8635b7727dd6f26f14f79da929de9af8131314ec2c347
- SHA512
  
  2df2784f5284e0808224a58fec6e12f02a5e09001c77991bf643b4304d99b633a3511551ef42e2e64f1ad6e5de0a44ff2c3b358413dd6ea6a9b08c0dfc592c38
- SSDEEP
  
  384:rkvwKwq6u29Ax59IWzT9DfLtFbm44XdZcGe5Eas1gMVuM:D9Ax5x9vtFbm44XdZNeG3
Score

3^/10

discovery
behavioral29 behavioral30
- Target
  
  XWorm V5.6/RES/XWorm.ServiceManager.resources
- Size
  
  221KB
- MD5
  
  776d31cf63f902ede47ccd1e09c463cd
- SHA1
  
  a45e4761bc40019d6e5b72ece5d731c520d91303
- SHA256
  
  fc7906c147eb0066e6cee2a528ab531b6d0ad1eb0b0a4d2a32a1be422809ecb9
- SHA512
  
  f8f099d291b0ecab01d84d0c4f4480c7ea266cc79f1071d71c71ca3113f6c8594d82f192feb3b136be0e007542da1cc6a7b28b860bb3ee2e0e7747b75222bf0e
- SSDEEP
  
  3072:VqR3kbym/bBGIgEJjHbD1yLHpkv+GhSx7BQFgfMyd9tbYLe7HkrVOih:lbJGcJj7D1cJkPhCprxbq9h
Score

3^/10

discovery
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

Persistence

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Privilege Escalation

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Resubmissions

Sharing

General

Malware Config

Extracted

Targets

Detect Xworm Payload

Xworm

Xworm family

Executes dropped EXE

Uses the VBS compiler for execution

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32