xworm | b412ff0701b365206f9da406214e5dccf883f77a00b750658fad687e95a4e2a6 | Triage

Sharing

General

Target

discordnukerv3.exe
Size

35KB
Sample

250302-2n2p8sxrs8
MD5

ec09727a0ebaf761bcaf7c5f3b799008
SHA1

d6aa602f2e7883d0fe79585ddf2093b1b513f05a
SHA256

b412ff0701b365206f9da406214e5dccf883f77a00b750658fad687e95a4e2a6
SHA512

01a113512eaa04af6f2493a24806054bb4050e1273e6fd2eacc86457df0b414e9bdd2f841b040c17cfa2c19244423a262b0a71220e1bb1861148eada44148cbc
SSDEEP

768:mo7zWVFe5fzEky1TxVPemVFyw9brVO/h6yIL:X7zWVFe6Rq8Fr9b5O/oBL

Score

10^/10

xworm persistence rat trojan

Malware Config

Extracted

Family

xworm

Version

5.0

C2

127.0.0.1:38571

Mutex

0KgKOnJZ1WSTbd2d

Attributes

Install_directory
%AppData%
install_file
XClient.exe

aes.plain

Targets

- Target
  
  discordnukerv3.exe
- Size
  
  35KB
- MD5
  
  ec09727a0ebaf761bcaf7c5f3b799008
- SHA1
  
  d6aa602f2e7883d0fe79585ddf2093b1b513f05a
- SHA256
  
  b412ff0701b365206f9da406214e5dccf883f77a00b750658fad687e95a4e2a6
- SHA512
  
  01a113512eaa04af6f2493a24806054bb4050e1273e6fd2eacc86457df0b414e9bdd2f841b040c17cfa2c19244423a262b0a71220e1bb1861148eada44148cbc
- SSDEEP
  
  768:mo7zWVFe5fzEky1TxVPemVFyw9brVO/h6yIL:X7zWVFe6Rq8Fr9b5O/oBL
Score

10^/10

xworm persistence rat trojan
- Detect Xworm Payload
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- Xworm family
  xworm
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xwormpersistencerattrojan

behavioral2

xwormpersistencerattrojan