Resubmissions

  • 22-02-2025 06:08    250222-gv1rasyrdx    10
  • 22-02-2025 06:02    250222-grpvmayqgx    10
  • 22-02-2025 05:46    250222-ggbj9aypbv    10

General

  • Target: xworm5.6_3_1.rar
  • Size: 20.9MB
  • Sample: 250222-gv1rasyrdx
  • MD5: fdbb726bb80ec771b3296a715153d518
  • SHA1: 818f734ecfa2b86d06d0154db2aeb3ace92b2283
  • SHA256: e407a948340cdfcd470f25d6a891864e2aea65f06d007cc9d7bd4893b0682319
  • SHA512: b6f79f8e3182113efb6c8fb246f3bf149991a7e2255d6417d19dd478e681c08d8c3ad97d500a43609eb0dbcf5777daf58df5920e00aa40c516d5b1e46f8b3608
  • SSDEEP: 393216:PV10n8N0/c2lDGdlMVSGpomu8u5E/ZsiLh5UirAxl9YVjxWiqcrOsb:PQn8N002A6IGS5E/RTrA89WiX9b

Malware Config

Extracted

  • Family: xworm
  • Version: 5.0
  • C2: 127.0.0.1:7000
  • Mutex: KtwC238hcu6xaGmy
  • Attributes
      • install_file: USB.exe

aes.plain

Extracted

  • Family: xworm
  • C2: 127.0.0.1:7000
  • Attributes
      • install_file: USB.exe

Targets

    • Target: xworm5.6_3_1.rar
    • Size: 20.9MB
    • MD5, SHA1, SHA256, SHA512, SSDEEP: identical to the values listed under General above
    • Score: 1/10
    • Target: Xworm-V5.6/Plugins/RemoteDesktop.dll
    • Size: 18KB
    • MD5: e6367d31cf5d16b1439b86ae6b7b31c3
    • SHA1: f52f1e73614f2cec66dab6af862bdcb5d4d9cf35
    • SHA256: cc52384910cee944ddbcc575a8e0177bfa6b16e3032438b207797164d5c94b34
    • SHA512: 8bc78a9b62f4226be146144684dc7fcd085bcf4d3d0558cb662aacc143d1438b7454e8ac70ca83ebeedc2a0fcea38ad8e77a5d926a85254b5a7d420a5605538a
    • SSDEEP: 384:nKr81F+CoNFZpeg7qX+mK3sxjt9l/C6I5YxBXWKeVFjyJ:KTvZY4gTPXBojG
    • Score: 1/10
    • Target: Xworm-V5.6/Plugins/RunPE.dll
    • Size: 11KB
    • MD5: 224be01635cff2dca827fbdeaddb983c
    • SHA1: 11fa00c5e172c9cd1c81acaef52934f785f91374
    • SHA256: 7adfe849345edd76aa975b0647fed2ccaa5f4a6aaf7d55f488af939c0dbef153
    • SHA512: 1a4915b7b21e8166a6ddb6460c77e02c306a460c08fc7ee574832b0576c827db343eda9533959298819ee443790769328ad580fc67fe4817110b63d49248c736
    • SSDEEP: 192:vbfqh94qP9XFw3l+JNGGOueq1JtSnIW1fUse2po7SLOYN:vbChWqPj5jJtGUse2poHYN
    • Score: 1/10
    • Target: Xworm-V5.6/Plugins/Shell.dll
    • Size: 14KB
    • MD5: 04609b39e656e297db73be0d02c7e35e
    • SHA1: f8abd484e7703a4d9629b033e8ec39c82eaf4654
    • SHA256: 6c69b4d45638097e31169d94914e4acb6a8cc7f46788ffa4f241e4c1efb213bb
    • SHA512: 11a88d55497fedeeb05b146ebd3135755aeb08c4596e9379eec83501e734aa6ba926d9bbda1c5f50e361836d65ea88d2c018f0b4b4b668c82ff2163730eaaf27
    • SSDEEP: 192:TDXwH3m0L3G33Kkw720sM76ODzKOFBLggT051i9Yd6IW1OU1YoWPbs5cLWT:oH3m0GqHT76OSUXT0HoYpU1XWoxT
    • Score: 1/10
    • Target: Xworm-V5.6/Plugins/StartupManager.dll
    • Size: 188KB
    • MD5: 3d76ef15ab712b93eabd4b68ea0111d5
    • SHA1: 0f309663fae17c4ccae983e1fabb16a1e5f77d9b
    • SHA256: 1802e16379d96021fee05f583633c8091bb669350b7d32064179a8944d45a5a6
    • SHA512: 6c0d0291abb696bee33b6e42392b07028c82bcffc8fb7934ba234f178f011ab14fde38cdccb322c8dba058ae66fc023349de5db1c587d3417709bf263cfd28f3
    • SSDEEP: 3072:7ITmgSRcBHAt+yM1KlUKEHBAnpK37nXnF8KBOQv174Syoh2sKdm/vl7bQcX1Okta:7MmgSRcBHAt+yM1KlU18g1xNYVc
    • Score: 1/10
    • Target: Xworm-V5.6/Xworm V5.6.exe
    • Size: 14.9MB
    • MD5: 56ccb739926a725e78a7acf9af52c4bb
    • SHA1: 5b01b90137871c3c8f0d04f510c4d56b23932cbc
    • SHA256: 90f58865f265722ab007abb25074b3fc4916e927402552c6be17ef9afac96405
    • SHA512: 2fee662bc4a1a36ce7328b23f991fa4a383b628839e403d6eb6a9533084b17699a6c939509867a86e803aafef2f9def98fa9305b576dad754aa7f599920c19a1
    • SSDEEP: 196608:P4/BAe1d4ihvy85JhhYc3BSL1kehn4inje:PuyIhhkRka4i

    • Detect Xworm Payload
    • Xworm: Xworm is a remote access trojan written in C#.
    • Xworm family
    • Executes dropped EXE
    • Uses the VBS compiler for execution
    • Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15