xworm | 77852ed505ce2149e5c4515250091de593be1f6efd7a4691e752c7d51087ae2b | Triage

Sharing

General

Target

Fixissue.exe
Size

88KB
Sample

250228-nr678syvct
MD5

f81aed7b7807505568f1ad242811a1d1
SHA1

7f29aa252de5e2a79bfd1aa22fad70dcfaad7ea2
SHA256

77852ed505ce2149e5c4515250091de593be1f6efd7a4691e752c7d51087ae2b
SHA512

6e007968fe1ce955f37c86d6374b3f0b52ed1ba56e5c0e1ede627f2717525175022f3d711d89223a48145f20c9e68ac52fe1a5c116df0dec664d2dd3b55a0c22
SSDEEP

1536:Tz6ILBzTC5eTT5gRr1fos90EE/T9bpuktV1njMPqeMU87Jj+/Oc9Wump/kF4g5me:6ILtImdm1fos90Ea9bpukpnjMT2jKOcB

Score

10^/10

xworm persistence rat trojan

Malware Config

Extracted

Family

xworm

C2

transfer-grip.gl.at.ply.gg:32773

Attributes

Install_directory
%AppData%
install_file
XClient.exe

Targets

- Target
  
  Fixissue.exe
- Size
  
  88KB
- MD5
  
  f81aed7b7807505568f1ad242811a1d1
- SHA1
  
  7f29aa252de5e2a79bfd1aa22fad70dcfaad7ea2
- SHA256
  
  77852ed505ce2149e5c4515250091de593be1f6efd7a4691e752c7d51087ae2b
- SHA512
  
  6e007968fe1ce955f37c86d6374b3f0b52ed1ba56e5c0e1ede627f2717525175022f3d711d89223a48145f20c9e68ac52fe1a5c116df0dec664d2dd3b55a0c22
- SSDEEP
  
  1536:Tz6ILBzTC5eTT5gRr1fos90EE/T9bpuktV1njMPqeMU87Jj+/Oc9Wump/kF4g5me:6ILtImdm1fos90Ea9bpukpnjMT2jKOcB
Score

10^/10

xworm persistence rat trojan
- Detect Xworm Payload
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- Xworm family
  xworm
- Drops startup file
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xwormpersistencerattrojan

behavioral2

xwormpersistencerattrojan