xworm | 8fb7c15f8e61e7f6016650ed44a7b736254d27eaa9ef5aeed13a60b429e1bcc1 | Triage

Sharing

General

Target

2.exe
Size

32KB
Sample

250306-dd39baxjv3
MD5

0348827ff0672fa51903184d58dbb05a
SHA1

856266e755be4e749644de4b2983800d272cc64f
SHA256

8fb7c15f8e61e7f6016650ed44a7b736254d27eaa9ef5aeed13a60b429e1bcc1
SHA512

b949fc474b9bceb95308a8ca6949ddff906e48c8af7c15da229464489bd62c22a3593893569a780df1a27e9d9e6e36d8051cf8d714a50a3f92842811c027378b
SSDEEP

768:uVa+vNtg+PB23Tw49FzVFE9jlV7Ojhfbu:gvNtgw23U49HFE9jlV7Oj96

Score

10^/10

xworm rat trojan

Malware Config

Extracted

Family

xworm

Version

5.0

C2

172.22.176.1:1177

Mutex

wF5dVYYnCjrDs5P2

Attributes

install_file
USB.exe

aes.plain

Targets

- Target
  
  2.exe
- Size
  
  32KB
- MD5
  
  0348827ff0672fa51903184d58dbb05a
- SHA1
  
  856266e755be4e749644de4b2983800d272cc64f
- SHA256
  
  8fb7c15f8e61e7f6016650ed44a7b736254d27eaa9ef5aeed13a60b429e1bcc1
- SHA512
  
  b949fc474b9bceb95308a8ca6949ddff906e48c8af7c15da229464489bd62c22a3593893569a780df1a27e9d9e6e36d8051cf8d714a50a3f92842811c027378b
- SSDEEP
  
  768:uVa+vNtg+PB23Tw49FzVFE9jlV7Ojhfbu:gvNtgw23U49HFE9jlV7Oj96
Score

10^/10

xworm rat trojan
- Detect Xworm Payload
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- Xworm family
  xworm
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1