xworm | 7367d1b56aca0b585cef8466d8d9a83dac03f0e6d81f9e89567c10a2cc44a4bc | Triage

Sharing

General

Target

b.ps1
Size

181KB
Sample

250126-llhxcazjdn
MD5

b5008db49b4ac5e668451b9a34ce2b76
SHA1

820ebe8c35bf4c57e1e439e4b10cee8186c444d3
SHA256

7367d1b56aca0b585cef8466d8d9a83dac03f0e6d81f9e89567c10a2cc44a4bc
SHA512

43e8929ec5f728ee53f9a2b378f1949a789ac1e0a92fea559541444b39a3ca8da9911751bda6d37d30831f60af8b0356c4294b695de303cdd076c7c9b550c754
SSDEEP

3072:ZcUKZ20H5qt7ABLmYOlba6c5GdOa7MQrq3v0ayW3sfc4xDAmMz/zlZVdtj0QGTgn:ZcB20H5qt7ABLmYOlba6c5GdOa7MQrq/

Score

10^/10

xworm discovery execution rat trojan

Malware Config

Extracted

Family

xworm

C2

176.113.115.228:4412

Attributes

install_file
USB.exe

Targets

- Target
  
  b.ps1
- Size
  
  181KB
- MD5
  
  b5008db49b4ac5e668451b9a34ce2b76
- SHA1
  
  820ebe8c35bf4c57e1e439e4b10cee8186c444d3
- SHA256
  
  7367d1b56aca0b585cef8466d8d9a83dac03f0e6d81f9e89567c10a2cc44a4bc
- SHA512
  
  43e8929ec5f728ee53f9a2b378f1949a789ac1e0a92fea559541444b39a3ca8da9911751bda6d37d30831f60af8b0356c4294b695de303cdd076c7c9b550c754
- SSDEEP
  
  3072:ZcUKZ20H5qt7ABLmYOlba6c5GdOa7MQrq3v0ayW3sfc4xDAmMz/zlZVdtj0QGTgn:ZcB20H5qt7ABLmYOlba6c5GdOa7MQrq/
Score

10^/10

execution xworm discovery rat trojan
- Detect Xworm Payload
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- Xworm family
  xworm
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

xwormdiscoveryexecutionrattrojan