xworm | 7f507b99c9093f08d5a163cda561e0a4ecde77f55930e93e00c550f4b70ea58e | Triage

Sharing

General

Target

nub 2.exe
Size

34KB
Sample

250303-2v2zksslt9
MD5

1b581969ef2146efc86650cd72703d7d
SHA1

9f813cdfd392f89093d57631e55263dbfde6934b
SHA256

7f507b99c9093f08d5a163cda561e0a4ecde77f55930e93e00c550f4b70ea58e
SHA512

d484779b11d6a720e6c9edbfaa1cbc202ecd2b0314b6a47cfdcf719bd62daff84a4152088192bdfc01da138fb91e1aa49ba5bcf1aa516eed7806bb65a969bd24
SSDEEP

768:mXB2GxebH1DyCrhZVFye9FQ5cuOjhnyyEr3:mXB2MA1DrhHFb9FidOjBq3

Score

10^/10

xworm rat trojan

Malware Config

Extracted

Family

xworm

Version

5.0

C2

forum-sequences.gl.at.ply.gg:36712

Mutex

kIJ3K8uO5ndUMIFp

Attributes

Install_directory
%Temp%
install_file
USB.exe

aes.plain

Targets

- Target
  
  nub 2.exe
- Size
  
  34KB
- MD5
  
  1b581969ef2146efc86650cd72703d7d
- SHA1
  
  9f813cdfd392f89093d57631e55263dbfde6934b
- SHA256
  
  7f507b99c9093f08d5a163cda561e0a4ecde77f55930e93e00c550f4b70ea58e
- SHA512
  
  d484779b11d6a720e6c9edbfaa1cbc202ecd2b0314b6a47cfdcf719bd62daff84a4152088192bdfc01da138fb91e1aa49ba5bcf1aa516eed7806bb65a969bd24
- SSDEEP
  
  768:mXB2GxebH1DyCrhZVFye9FQ5cuOjhnyyEr3:mXB2MA1DrhHFb9FidOjBq3
Score

10^/10

xworm rat trojan
- Detect Xworm Payload
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- Xworm family
  xworm
- Drops startup file
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2