xworm | 94bf91b3fb8d81ca10883351d514dd89c9f953771ec90a2c3571e586c0ece07a | Triage

Sharing

General

Target

Destiny Loader Cracked.bat
Size

327KB
Sample

250303-x1k6sswvh1
MD5

d0eef460c098ddfab73bffe09b5576f1
SHA1

72a9d083d85037abf060c027ceb2f4c7d83b8d42
SHA256

94bf91b3fb8d81ca10883351d514dd89c9f953771ec90a2c3571e586c0ece07a
SHA512

eaf4b8a20787685ac516f8c8fa27052df7e8100180cdbb16fdbc1dcdc33ede7623ed1ce1abbd24146bc2dc63c4e55fb36957dc731b005d71fd781e1a1b72e8d3
SSDEEP

6144:fS/P9VWTPTlLWWUY+GVH0I2mjYTNZTNSq78e89aOki5M:YP/2PTlLVUI2mMTTn8e89Ii5M

Score

10^/10

xworm execution rat trojan

Malware Config

Extracted

Family

xworm

Version

5.0

C2

ciad4zftx.localto.net:6536

Mutex

fz5G9hEIprTL3zDO

Attributes

Install_directory
%ProgramData%
install_file
System.exe

aes.plain

Targets

- Target
  
  Destiny Loader Cracked.bat
- Size
  
  327KB
- MD5
  
  d0eef460c098ddfab73bffe09b5576f1
- SHA1
  
  72a9d083d85037abf060c027ceb2f4c7d83b8d42
- SHA256
  
  94bf91b3fb8d81ca10883351d514dd89c9f953771ec90a2c3571e586c0ece07a
- SHA512
  
  eaf4b8a20787685ac516f8c8fa27052df7e8100180cdbb16fdbc1dcdc33ede7623ed1ce1abbd24146bc2dc63c4e55fb36957dc731b005d71fd781e1a1b72e8d3
- SSDEEP
  
  6144:fS/P9VWTPTlLWWUY+GVH0I2mjYTNZTNSq78e89aOki5M:YP/2PTlLVUI2mMTTn8e89Ii5M
Score

10^/10

xworm execution rat trojan
- Detect Xworm Payload
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- Xworm family
  xworm
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xwormexecutionrattrojan