xworm | 5c14590059c2133806d881fa853b627b73748a20e529afaf4c7aa2a5fce97eb3 | Triage

Sharing

General

Target

a.bat
Size

156B
Sample

250301-seckbatr19
MD5

a4b2a54bebc39707a69977648a7a2b4f
SHA1

c27b1203244796cc064b00c472cec23cd16760ce
SHA256

5c14590059c2133806d881fa853b627b73748a20e529afaf4c7aa2a5fce97eb3
SHA512

669f71ff4b75184341eec4a1d78556b2e95ffecf8f14ac6a0467d8169e8bf5b991af443f5dd1786fbef244d483cebb10400374bed3a11ada805040c4f4eb32c1

Score

10^/10

xworm execution rat trojan

Malware Config

Extracted

Family

xworm

Version

5.0

C2

127.0.0.1:7000

192.168.221.1:7000

igtot.freemyip.com:7000

Mutex

8pnN0UHcZ6GmIzoW

Attributes

install_file
USB.exe

aes.plain

Targets

- Target
  
  a.bat
- Size
  
  156B
- MD5
  
  a4b2a54bebc39707a69977648a7a2b4f
- SHA1
  
  c27b1203244796cc064b00c472cec23cd16760ce
- SHA256
  
  5c14590059c2133806d881fa853b627b73748a20e529afaf4c7aa2a5fce97eb3
- SHA512
  
  669f71ff4b75184341eec4a1d78556b2e95ffecf8f14ac6a0467d8169e8bf5b991af443f5dd1786fbef244d483cebb10400374bed3a11ada805040c4f4eb32c1
Score

10^/10

xworm execution rat trojan
- Detect Xworm Payload
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- Xworm family
  xworm
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Using powershell.exe command.
  execution
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xwormexecutionrattrojan