xworm | a0c1da59c2c9a1019b41bcaa68df9ef8800c3dec4969497decac8cfd62f8d6bf | Triage

Sharing

General

Target

MasonClient.exe
Size

47KB
Sample

250303-2hh1ya1rt3
MD5

bc74bb7f54b6d467f4245951e4cfcbe5
SHA1

a22aa740705a3002f754039cc79154dcd6ef68f8
SHA256

a0c1da59c2c9a1019b41bcaa68df9ef8800c3dec4969497decac8cfd62f8d6bf
SHA512

a2c2e7564238cc3371f9c5c2d4ae808bc7f2a6a9b8b435e133a088fbd72131df400cd739e88fc84e8a41ed88a89d313b22fd08495629a11e4a95bc4836ca7c23
SSDEEP

768:0KpEv4imkJqvhcDz0BXzTqjNvoCdVw+ucCOzYdgFeb5xTLRfgz4nhJOmdMu:0MEv4imkJqvhcDz0BjTqjNvJdV7XYb5n

Score

10^/10

xworm rat trojan

Malware Config

Extracted

Family

xworm

Attributes

install_file
USB.exe

Targets

- Target
  
  MasonClient.exe
- Size
  
  47KB
- MD5
  
  bc74bb7f54b6d467f4245951e4cfcbe5
- SHA1
  
  a22aa740705a3002f754039cc79154dcd6ef68f8
- SHA256
  
  a0c1da59c2c9a1019b41bcaa68df9ef8800c3dec4969497decac8cfd62f8d6bf
- SHA512
  
  a2c2e7564238cc3371f9c5c2d4ae808bc7f2a6a9b8b435e133a088fbd72131df400cd739e88fc84e8a41ed88a89d313b22fd08495629a11e4a95bc4836ca7c23
- SSDEEP
  
  768:0KpEv4imkJqvhcDz0BXzTqjNvoCdVw+ucCOzYdgFeb5xTLRfgz4nhJOmdMu:0MEv4imkJqvhcDz0BjTqjNvJdV7XYb5n
Score

10^/10

xworm rat trojan
- Detect Xworm Payload
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- Xworm family
  xworm
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2