xworm | 33554031f9ec302ee6640380fd88bc0aaea328591789d51e3a4b531e6ae17d89 | Triage

Sharing

General

Target

33554031f9ec302ee6640380fd88bc0aaea328591789d51e3a4b531e6ae17d89.bat
Size

92KB
Sample

250227-c3twhasnw8
MD5

56156e92af196e2d50b95a298ccd72c6
SHA1

1a4813b0824e7b3ce1cb1da6fe1f232548d8159c
SHA256

33554031f9ec302ee6640380fd88bc0aaea328591789d51e3a4b531e6ae17d89
SHA512

effb4585ff014a84b7afeb5906c93781f4514db528c0e11afd280b6d663a709042d8e668b9e3b87deeb4feb7de7110eb4b50eb37259991b4108ce6fef821651d
SSDEEP

1536:S2ieY0tuOX7Y3kT/veAk9eezSbyMLPlM4F0CkmelJjXW:CBmuW8UmkezSHLoCElA

Score

10^/10

xworm execution rat trojan

Malware Config

Extracted

Family

xworm

Version

5.0

C2

45.88.186.152:4782

Mutex

l1nSXpa16rjW1V1V

Attributes

Install_directory
%Userprofile%
install_file
WinData.exe

aes.plain

Targets

- Target
  
  33554031f9ec302ee6640380fd88bc0aaea328591789d51e3a4b531e6ae17d89.bat
- Size
  
  92KB
- MD5
  
  56156e92af196e2d50b95a298ccd72c6
- SHA1
  
  1a4813b0824e7b3ce1cb1da6fe1f232548d8159c
- SHA256
  
  33554031f9ec302ee6640380fd88bc0aaea328591789d51e3a4b531e6ae17d89
- SHA512
  
  effb4585ff014a84b7afeb5906c93781f4514db528c0e11afd280b6d663a709042d8e668b9e3b87deeb4feb7de7110eb4b50eb37259991b4108ce6fef821651d
- SSDEEP
  
  1536:S2ieY0tuOX7Y3kT/veAk9eezSbyMLPlM4F0CkmelJjXW:CBmuW8UmkezSHLoCElA
Score

10^/10

execution xworm rat trojan
- Detect Xworm Payload
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- Xworm family
  xworm
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

xwormexecutionrattrojan