xworm | 9f096de5b225151543a66faa6ca95dc772c0167b7b75bf2dbec2c2ca64874491 | Triage

Sharing

General

Target

максим лох.exe
Size

41KB
Sample

250305-xw1exsxjx4
MD5

0011dad9c1a4c80a85c6ec8b6a3791ec
SHA1

6c9e04a11aadfad3d5209fef124d85d0a7649ff2
SHA256

9f096de5b225151543a66faa6ca95dc772c0167b7b75bf2dbec2c2ca64874491
SHA512

f60dcf603907e3291e21378c5f413a0623358b30be05e05e6f55c1d025585a7959513d1c811fa68844fc7f7575fc6eeb99d8d695b0c1f452cd77f349b1e92cd3
SSDEEP

768:NBFMiKhUsY5OEGsWyH6peAuwKFjHvdhtF5PG9+lOwh63EmXK:29hikvRya0AulzvdTFI9+lOws9XK

Score

10^/10

xworm rat trojan

Malware Config

Extracted

Family

xworm

Version

5.0

C2

20.ip.gl.ply.gg:25905

pics-facial.gl.at.ply.gg:25905

Mutex

DbJdoPQAuynKdINr

Attributes

Install_directory
%AppData%
install_file
USB.exe

aes.plain

Targets

- Target
  
  максим лох.exe
- Size
  
  41KB
- MD5
  
  0011dad9c1a4c80a85c6ec8b6a3791ec
- SHA1
  
  6c9e04a11aadfad3d5209fef124d85d0a7649ff2
- SHA256
  
  9f096de5b225151543a66faa6ca95dc772c0167b7b75bf2dbec2c2ca64874491
- SHA512
  
  f60dcf603907e3291e21378c5f413a0623358b30be05e05e6f55c1d025585a7959513d1c811fa68844fc7f7575fc6eeb99d8d695b0c1f452cd77f349b1e92cd3
- SSDEEP
  
  768:NBFMiKhUsY5OEGsWyH6peAuwKFjHvdhtF5PG9+lOwh63EmXK:29hikvRya0AulzvdTFI9+lOws9XK
Score

10^/10

xworm rat trojan
- Detect Xworm Payload
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- Xworm family
  xworm
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1