stormkitty | e407a948340cdfcd470f25d6a891864e2aea65f06d007cc9d7bd4893b0682319 | Triage

Submit
Reports

Overview

overview

Static

static

Xworm-V5.6....6.exe

windows7-x64

1

Xworm-V5.6....6.exe

windows10-2004-x64

Sharing

General

Target

Xworm-V5.6.rar
Size

20.9MB
Sample

250126-zrqq2atkey
MD5

fdbb726bb80ec771b3296a715153d518
SHA1

818f734ecfa2b86d06d0154db2aeb3ace92b2283
SHA256

e407a948340cdfcd470f25d6a891864e2aea65f06d007cc9d7bd4893b0682319
SHA512

b6f79f8e3182113efb6c8fb246f3bf149991a7e2255d6417d19dd478e681c08d8c3ad97d500a43609eb0dbcf5777daf58df5920e00aa40c516d5b1e46f8b3608
SSDEEP

393216:PV10n8N0/c2lDGdlMVSGpomu8u5E/ZsiLh5UirAxl9YVjxWiqcrOsb:PQn8N002A6IGS5E/RTrA89WiX9b

Score

10^/10

stormkitty xworm rat trojan

Static task

static1

stormkitty xworm

6 signatures

Behavioral task

behavioral1

Sample

Xworm-V5.6/Xworm V5.6.exe

Resource

win7-20241010-en

windows7-x64

1 signatures

150 seconds

Behavioral task

behavioral2

Sample

Xworm-V5.6/Xworm V5.6.exe

Resource

win10v2004-20241007-en

xworm rat trojan

windows10-2004-x64

18 signatures

150 seconds

Malware Config

Extracted

Family

xworm

Version

5.0

C2

127.0.0.1:7000

Mutex

LDhm3olqFg6bol9l

Attributes

install_file
USB.exe

aes.plain

Extracted

Family

xworm

C2

127.0.0.1:7000

Attributes

install_file
USB.exe

Targets

- Target
  
  Xworm-V5.6/Xworm V5.6.exe
- Size
  
  14.9MB
- MD5
  
  56ccb739926a725e78a7acf9af52c4bb
- SHA1
  
  5b01b90137871c3c8f0d04f510c4d56b23932cbc
- SHA256
  
  90f58865f265722ab007abb25074b3fc4916e927402552c6be17ef9afac96405
- SHA512
  
  2fee662bc4a1a36ce7328b23f991fa4a383b628839e403d6eb6a9533084b17699a6c939509867a86e803aafef2f9def98fa9305b576dad754aa7f599920c19a1
- SSDEEP
  
  196608:P4/BAe1d4ihvy85JhhYc3BSL1kehn4inje:PuyIhhkRka4i
Score

10^/10

xworm rat trojan
- Contains code to disable Windows Defender
  A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.
- Detect Xworm Payload
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- Xworm family
  xworm
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

stormkittyxworm

behavioral1

behavioral2

© 2018-2025

Terms | Privacy