xworm | 17cb8ec97c8e4939edea0a9b3e1ce1597758a5131b2ea2b63316cc2e538b10bf | Triage

Resubmissions

04/02/2025, 20:50

250204-zmyk3stkep 10

Sharing

General

Target

XClient.exe
Size

32KB
Sample

250204-zmyk3stkep
MD5

29472f37159588f215ab330519c41c8e
SHA1

e1b7917270b70946a4b96c54fb04481b78c9c4a2
SHA256

17cb8ec97c8e4939edea0a9b3e1ce1597758a5131b2ea2b63316cc2e538b10bf
SHA512

1c118c98f52f3db77af0afa448f6b002065a476332bb6b56feca7ba7493cef6d9ab3dc5cf5fed2a2f68cb93782f5741be5b81adf050a520d782c8559449031a5
SSDEEP

384:YEbmX5Qa+vN1h1+X3v6JFjL+g93Tm2eaFO4FzRApkFTBLTsOZwpGd2v99IkuisxF:dVa+vNtg+PB93Tw49FzVFE9juOjh2bf

Score

10^/10

xworm rat trojan

Malware Config

Extracted

Family

xworm

Version

5.0

C2

0.0.0.0:7000

Mutex

kIy6rQrEWqfuHMNk

Attributes

install_file
USB.exe

aes.plain

Targets

- Target
  
  XClient.exe
- Size
  
  32KB
- MD5
  
  29472f37159588f215ab330519c41c8e
- SHA1
  
  e1b7917270b70946a4b96c54fb04481b78c9c4a2
- SHA256
  
  17cb8ec97c8e4939edea0a9b3e1ce1597758a5131b2ea2b63316cc2e538b10bf
- SHA512
  
  1c118c98f52f3db77af0afa448f6b002065a476332bb6b56feca7ba7493cef6d9ab3dc5cf5fed2a2f68cb93782f5741be5b81adf050a520d782c8559449031a5
- SSDEEP
  
  384:YEbmX5Qa+vN1h1+X3v6JFjL+g93Tm2eaFO4FzRApkFTBLTsOZwpGd2v99IkuisxF:dVa+vNtg+PB93Tw49FzVFE9juOjh2bf
Score

10^/10

xworm rat trojan
- Detect Xworm Payload
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- Xworm family
  xworm
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1