xworm | 8815d4597cdc668da03392cab1118fda3988a5e0a16bb64711cfc188358887a8 | Triage

Sharing

General

Target

MeeVSpoofer.rar
Size

24.1MB
Sample

250302-q573sswps9
MD5

7797b922d3e1adb0b167bccc4735d534
SHA1

0591df178752dd4cf3a82628fa445074c5909f13
SHA256

8815d4597cdc668da03392cab1118fda3988a5e0a16bb64711cfc188358887a8
SHA512

c4c3255d9c9dbd6fea7c849c4e598eaa4e839b21636cf3bc5d5cb3d526aad8cdd499a4ab44849e5f8842bb1dccec98d39f7606266ea79ba6173cbc9c7aabf26d
SSDEEP

786432:oGpi5th8XvTF7foyqAoC1uH4kXr6xew/N1:ogi5b8BoyToCsH4k+xR7

Score

10^/10

xworm rat trojan

Malware Config

Extracted

Family

xworm

Attributes

install_file
USB.exe

Targets

- Target
  
  MeeV Spoofer/MeeV Spoofer.dll
- Size
  
  33.6MB
- MD5
  
  0f07a56e1f265ff664b991caec5de0e2
- SHA1
  
  c7b2b0dedcd0475e13e4ef58d66252a6c01bad40
- SHA256
  
  4c65004faf8f440ade2deb9df1e9cb273c977a500150af544609567f2e01899b
- SHA512
  
  aca1e40463df2165296a7477f669e28b4d2dd0466b413572670549c92f4c360b01b8753b30e168b3f01f3cb69afaf26cc22a0841614dc007e01c1d35a573a9e3
- SSDEEP
  
  786432:KF8XyEdhkhcPDu35V2UMfWgl8OWrn9KA3UsbaAQ0RSaQ9:KF8Xvdhs2l8OQgPAQOm
Score

10^/10

xworm rat trojan
- Detect Xworm Payload
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- Xworm family
  xworm
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2
- Target
  
  MeeV Spoofer/MeeV Spoofer.exe
- Size
  
  377KB
- MD5
  
  8ff34fc450c3f755da1b83880337f035
- SHA1
  
  8d1215fb35c50e097d4e5021a806be80e8dea490
- SHA256
  
  54e9d6ea55f022c8fd573bc459a7ba67344aaa2411dfbe6aa23bb682b7b80a68
- SHA512
  
  109ba9b6e82770b6595ad2ac0a5dcba3dc37873662323f4765aefa62b47d2d845efbd6097672f46b99d7937f18698471c684e1bd86f7a64c17fb4603f4abdd06
- SSDEEP
  
  6144:ujxZqeQSL7PPvyrZ+y6GQoi6xoAAVSC1HJOP8vn:ujxuSLrqQoi6xoNh
Score

10^/10

xworm rat trojan
- Detect Xworm Payload
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- Xworm family
  xworm
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral3 behavioral4
- Target
  
  MeeV Spoofer/runtimes/win/lib/net8.0/System.Management.dll
- Size
  
  305KB
- MD5
  
  72c62b8fed1879c314ba757cb289483d
- SHA1
  
  b18d623d1745b6f09ce0dc85f3acf1ff69f61ce9
- SHA256
  
  dca8b03636d4ef26a1727af2b8063998491b72d1dca547bedac3d65ef115d677
- SHA512
  
  f5b43271c08e4696c90fe507fa0931638a081ab1c7ce1e660036d15c1b406fc7cae265b0a05c47d29dfa25b7f1da809f2e42ad8a8bbad160a1f97eed176d3454
- SSDEEP
  
  6144:lyj+butGieusJEYE1SF7c39iwjwmppwbHV/ZqPJkoj80uSxptTy+D:l4+butGieusJE31Shd/kIaxpXD
Score

1^/10
behavioral5 behavioral6

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6