xworm | 0b6f399b1b5e976944d903b553343fa00c0af1dacecfcb161b7018c3282c8c8d | Triage

Sharing

General

Target

Sukioshe.API.bat
Size

102KB
Sample

250304-q146ca1xhx
MD5

378a551aa3a4c5e0adec167eaa224b24
SHA1

0f55fd5a8bae0149321975f44599314ca96d954d
SHA256

0b6f399b1b5e976944d903b553343fa00c0af1dacecfcb161b7018c3282c8c8d
SHA512

a291af2e59ac3db474a6139b6ce2d672d6c556a61bc7ec0360e32565d93c5a1d8c71b7306826232fb78749b6b0a72787763b7ca94e2cda38b0afbcb9ab0e890e
SSDEEP

1536:y1YNBiAGQ4g3JGPFSutTsn5zr73oWiA6WwprhyIha1CjRAoH28oKN34rmeeS3BQe:Hf0Qn3CFSutIHwp9yJCj+oWC45eWKe

Score

10^/10

xworm defense_evasion rat trojan

Malware Config

Extracted

Family

xworm

C2

45.88.91.101:7000

Attributes

Install_directory
%AppData%
install_file
win32.exe

Targets

- Target
  
  Sukioshe.API.bat
- Size
  
  102KB
- MD5
  
  378a551aa3a4c5e0adec167eaa224b24
- SHA1
  
  0f55fd5a8bae0149321975f44599314ca96d954d
- SHA256
  
  0b6f399b1b5e976944d903b553343fa00c0af1dacecfcb161b7018c3282c8c8d
- SHA512
  
  a291af2e59ac3db474a6139b6ce2d672d6c556a61bc7ec0360e32565d93c5a1d8c71b7306826232fb78749b6b0a72787763b7ca94e2cda38b0afbcb9ab0e890e
- SSDEEP
  
  1536:y1YNBiAGQ4g3JGPFSutTsn5zr73oWiA6WwprhyIha1CjRAoH28oKN34rmeeS3BQe:Hf0Qn3CFSutIHwp9yJCj+oWC45eWKe
Score

10^/10

xworm defense_evasion rat trojan
- Detect Xworm Payload
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- Xworm family
  xworm
- Executes dropped EXE
- Deobfuscate/Decode Files or Information
  Payload decoded via CertUtil.
  defense_evasion
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Deobfuscate/Decode Files or Information

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xwormdefense_evasionrattrojan