xworm | 2d5a382624237fade7c49a67d13c5a6b04ba26d47fe8035495887ccbddd9a402 | Triage

Sharing

General

Target

2d5a382624237fade7c49a67d13c5a6b04ba26d47fe8035495887ccbddd9a402.exe
Size

31.3MB
Sample

250227-c2fmgs1xfs
MD5

0f12b48bb4e1e3c5910b87c9bb5ec37e
SHA1

d9a9693f43a5780624caafd4ea8fa79513f6910a
SHA256

2d5a382624237fade7c49a67d13c5a6b04ba26d47fe8035495887ccbddd9a402
SHA512

268c94e6a785048851a19a3684fd87488dc1e0340e5b8998162d46028d4d547e86399470d54a7c7ccd487e4adf4731b33f3a4f0609cd7737bc38379cd10f22d3
SSDEEP

786432:YH3qXhRq3lSRVhPEj8a2fjesiwt+ZZ77lqsgcxw:YQy3lS58YLbKwUZjqsnq

Score

10^/10

xworm persistence rat trojan

Malware Config

Extracted

Family

xworm

Version

5.0

C2

192.168.50.50:4444

Mutex

rPPyOfH6SR3vpFBy

Attributes

install_file
USB.exe

aes.plain

Targets

- Target
  
  2d5a382624237fade7c49a67d13c5a6b04ba26d47fe8035495887ccbddd9a402.exe
- Size
  
  31.3MB
- MD5
  
  0f12b48bb4e1e3c5910b87c9bb5ec37e
- SHA1
  
  d9a9693f43a5780624caafd4ea8fa79513f6910a
- SHA256
  
  2d5a382624237fade7c49a67d13c5a6b04ba26d47fe8035495887ccbddd9a402
- SHA512
  
  268c94e6a785048851a19a3684fd87488dc1e0340e5b8998162d46028d4d547e86399470d54a7c7ccd487e4adf4731b33f3a4f0609cd7737bc38379cd10f22d3
- SSDEEP
  
  786432:YH3qXhRq3lSRVhPEj8a2fjesiwt+ZZ77lqsgcxw:YQy3lS58YLbKwUZjqsnq
Score

10^/10

xworm persistence rat trojan
- Detect Xworm Payload
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- Xworm family
  xworm
- Executes dropped EXE
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xwormpersistencerattrojan