xworm | 15c221467ad32d7cbcdeb41674b5701ef155694c420075f7c953b63f5663d253 | Triage

Sharing

General

Target

bootstrapper.exe
Size

33KB
Sample

250126-mmq5sazqgn
MD5

01148319be9a54a165bf44620bbe211b
SHA1

800bef6e8365dbc9eb68c825f5b961f06da257b5
SHA256

15c221467ad32d7cbcdeb41674b5701ef155694c420075f7c953b63f5663d253
SHA512

1486dae32b0972ee6c6af10275c3b75c2709448d7b11a4b58b5c041e9d2dd6e1d35f51c5292ffbf0dbc2cd62c1b23aee68dc50abaf6780893c55ece4ac6a2bd7
SSDEEP

768:OqJluIYWuThDo23/nWcF+9HtGO/h1//+k:VJ8ZW4Do2PnFF+9H0O/ruk

Score

10^/10

xworm persistence rat trojan

Malware Config

Extracted

Family

xworm

C2

prior-ks.gl.at.ply.gg:31476

Mutex

v3dd7C15JKMfEypt

Attributes

Install_directory
%AppData%
install_file
USB.exe

aes.plain

Targets

- Target
  
  bootstrapper.exe
- Size
  
  33KB
- MD5
  
  01148319be9a54a165bf44620bbe211b
- SHA1
  
  800bef6e8365dbc9eb68c825f5b961f06da257b5
- SHA256
  
  15c221467ad32d7cbcdeb41674b5701ef155694c420075f7c953b63f5663d253
- SHA512
  
  1486dae32b0972ee6c6af10275c3b75c2709448d7b11a4b58b5c041e9d2dd6e1d35f51c5292ffbf0dbc2cd62c1b23aee68dc50abaf6780893c55ece4ac6a2bd7
- SSDEEP
  
  768:OqJluIYWuThDo23/nWcF+9HtGO/h1//+k:VJ8ZW4Do2PnFF+9H0O/ruk
Score

10^/10

xworm persistence rat trojan
- Detect Xworm Payload
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- Xworm family
  xworm
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Scheduled Task

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xwormpersistencerattrojan

behavioral2

xwormpersistencerattrojan