General

  • Target

    XWorm V5.6.rar

  • Size

    28.4MB

  • Sample

    250129-xbcs5avmgl

  • MD5

    ae964c40d3d4685854dd99ee42c5bede

  • SHA1

    ecb17be9b845e8f5197d323081e5b175c3f3776b

  • SHA256

    c3dbb0cdfb5ffc4c6165592894ce40ef5c4eb08cab0fc0eba653754c1e9226c4

  • SHA512

    7add1340cba6bd70c32c293d645249083fa1b68b8031c959e4642f89842fafbcdcea65a072182bbab4b8e45849553d7a032847c514ee2f386b53efa5c5d1ed98

  • SSDEEP

    786432:RUfB6rabFkApfjyzdw35cJ0BJwE8FWH3s9z/H/hE2:Rgx6MfEw35c3PFWEi2

Malware Config

Targets

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

    • Xworm family

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • .NET Reactor protector

      Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.

    • Executes dropped EXE

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks