xworm | a8dd80f236a5b28dd7f4856ca32bb254832d4a66a0405cc32e61bd4762915714 | Triage

Submit
Reports

Overview

overview

Static

static

3

CulMasterBot.exe

windows7-x64

CulMasterBot.exe

windows10-2004-x64

Sharing

General

Target

CulMasterBot.rar
Size

547KB
Sample

250305-rzepqs1ns3
MD5

a2278b12e9cb008131779ddf5a880a0a
SHA1

a0f71e486efc7a1e23508fdd58b1a86a9d817e44
SHA256

a8dd80f236a5b28dd7f4856ca32bb254832d4a66a0405cc32e61bd4762915714
SHA512

991647812d421d3df56f48604a40f8211e67e3e5bdf13d35197abec6737b1b69383f37c4a06759e85d3823e31c0730e64e5786b88166115f2c26a8443765ddbc
SSDEEP

12288:onEAwFWh7cz18rW7a+1JBjf55YGvIUWnVIgVWGAJKjS10:oEANho5867V1fnYGvI/I+sKjf

Score

10^/10

xworm discovery rat trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

CulMasterBot.exe

Resource

win7-20240903-en

xworm discovery rat trojan

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

CulMasterBot.exe

Resource

win10v2004-20250217-en

xworm discovery rat trojan

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

xworm

Version

5.0

C2

176.65.134.31:7000

Mutex

6H3f8cuSC1IGC8kj

Attributes

install_file
USB.exe

aes.plain

Targets

- Target
  
  CulMasterBot.exe
- Size
  
  758KB
- MD5
  
  2417767a8d9740d0c304bb72ed185b67
- SHA1
  
  21bbd4db761968bc1fb0708767ef10814dd41868
- SHA256
  
  7f8878badd48f61c9af71d304ee2cc5d2e580a92816b721a206d2889063f4b81
- SHA512
  
  c0b947608909829271cefb797017933a02d55a378eb6f70ecba20c3d86658c46fb58a515e90d32419cfdeab63d7e166fc699cbf0bfba8b5135301b5d8b9f63ae
- SSDEEP
  
  12288:7fQqQuCmgRYeJIDdrd+pQkKVn6nY4u5fsR1b:7fQqQuiJIprdOQJn6nbuiF
Score

10^/10

xworm discovery rat trojan
- Contains code to disable Windows Defender
  A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.
- Detect Xworm Payload
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- Xworm family
  xworm
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xwormdiscoveryrattrojan

behavioral2

xwormdiscoveryrattrojan

© 2018-2025

Terms | Privacy