xworm | a02f4d66be93cac92899b5c049d2eb5758bcd928908123e344806b7568faeded | Triage

Sharing

General

Target

Nurik 1.12.2-1.16.5.rar
Size

9.7MB
Sample

250306-r42eas1qt8
MD5

9c24f5afafb5485602bb389ac6b92867
SHA1

d129eec0347c9ed7136508fa9c53d52d7be32fe4
SHA256

a02f4d66be93cac92899b5c049d2eb5758bcd928908123e344806b7568faeded
SHA512

87af3614369e0258e500596ff872a09395085bae4de1d34a3ad134f98ae563e29fb435e375d25eaa046df22fe740154e19b3084bd57473b36c80ab7d20ca5af3
SSDEEP

196608:zufLYMePTVw+Qo3dnhQAiJBcH7Y3r7ufvnQwAWRjt0P7s9vMu70klu/o:zuTr6p1hQD3cH23SnQwFRjtiWvMfro

Score

10^/10

xworm discovery rat trojan

Malware Config

Extracted

Family

xworm

Version

5.0

C2

Idlerkik-51025.portmap.host:51025

Mutex

rSFFOfqaVoKkdUae

Attributes

Install_directory
%AppData%
install_file
svhost.exe

aes.plain

Targets

- Target
  
  Nursultan 1.12.2-1.16.5 Crack/CrackLauncher.exe
- Size
  
  42KB
- MD5
  
  4f7d0cb075b81a3923661409b47e8a31
- SHA1
  
  d3aa635fedd9adff2a821fa20e7f8b9fac838ed4
- SHA256
  
  4e3b031bcd6552a48501e629c37e53d58721cde1b494ee96f8ba9473be7ff6d6
- SHA512
  
  3e3fea0be7af651bb2b7eba42543112912808931a9f8f84e7ab8f424910b190c113a99bf4859d032bc0ae3478398b93ffe5d025b7dc1dffe37111ea6d3e7a66e
- SSDEEP
  
  768:oTafJRPSlKSmUO2DXFyp9ORLM56YOjhWPyVGO:oTKJqm2TF09MLg6YOj0JO
Score

10^/10

xworm rat trojan
- Detect Xworm Payload
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- Xworm family
  xworm
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2
- Target
  
  Nursultan 1.12.2-1.16.5 Crack/client/nvidiaapp.dll
- Size
  
  9KB
- MD5
  
  f561294fd2c3b4553f247b5a22e180ed
- SHA1
  
  4ee925f9d6a21f06555ef1d873f68347c24183ae
- SHA256
  
  cf3608a24fb8b424047db7b3b7bba7b45455cadc21aa0d9ae9da6c51c26ad417
- SHA512
  
  beb5b4dde5efa47753c10997b391a4fa9a2bc12a7e64831603c1c4f047a9008e671ca9a4f7a22fff2f5317e17126f765ed71344ccc72f41c5b7d8123e47013dd
- SSDEEP
  
  192:Cos0s0s0s0s0s0s0s0s0s0s0s0s0s0s0s0s0s0m:Cos0s0s0s0s0s0s0s0s0s0s0s0s0s0sj
Score

1^/10
behavioral3 behavioral4
- Target
  
  Nursultan 1.12.2-1.16.5 Crack/java/ForgeOptiFine 1.12.2.jar
- Size
  
  9.7MB
- MD5
  
  8c0443868b9e46c77d39db61c755679d
- SHA1
  
  0f275bc1547d01fa5f56ba34bdc87d981ee12daf
- SHA256
  
  8ada07da5ee77dad3527bd7278fbd05ee1fc8a597813b216a871a2d7d64cc64f
- SHA512
  
  3afe108c273a6bbe17f2f88da49e5a21a5dfd0250c03ae51d7c70493d6ca015d75abc867378f7f30d62ac9535a8a5f06c62880dda8b31c68d734a1a8623347fe
- SSDEEP
  
  196608:pqLAzKzjjIsrrpME754ze1Be6etSSN5edf64UFOTYVGQA1c+:QAzKn1rdMEdlBe6+3edfxUA1zz
Score

1^/10
behavioral5 behavioral6
- Target
  
  Nursultan 1.12.2-1.16.5 Crack/java/natives/OpenAL32.dll
- Size
  
  381KB
- MD5
  
  9e02334f9bba622885eadb059f0633b3
- SHA1
  
  ede381bf55e7d0cd3a7e058237bbc66a8ff63837
- SHA256
  
  baf27fc91dc852d78889e052cfc9ed2b6fc0927258bb507a895c6fcd50f10fef
- SHA512
  
  066eaaee241976d99e3f11de415976fb0e47e97035d4d7a7c121c33882190f3546637650f841a2858ac1734655f4994dc2cb8c5bdda5828557485fc20a779def
- SSDEEP
  
  6144:qB0wNMEdGJE5cN8PLJ8I1kabGLPwrWr+JervPI6YXaZ8AO8+H1MOi7BU:qBDL+af1kabGL/r+JwvPjKaZ8NMO
Score

3^/10

discovery
behavioral7 behavioral8
- Target
  
  Nursultan 1.12.2-1.16.5 Crack/java/natives/OpenAL64.dll
- Size
  
  373KB
- MD5
  
  89021c218a3f6feb807a664f852ffbd3
- SHA1
  
  97362fba53dfb6d9581b8c64829f4b1d98a97855
- SHA256
  
  9261b66010a845ddef9f61d5e4266fe2f08a53f3605da002e9e8f8d202bdbc5e
- SHA512
  
  e511c707c4453016cdeefcbc863fbf2750ad9cda12ad31f27369d5a396f9c98d9ef37fafb4030c683f17b1e2cdcfce924015fe49dd6652c3060bb0ba77ea3064
- SSDEEP
  
  6144:ABdTusYmeqPD3H/Jm9iQV4+ttOpJ2z4dpFg1RB/vPI6YXaZqRs0:AjTWIbgOmyEvPjKaZqR
Score

1^/10
behavioral10 behavioral9
- Target
  
  Nursultan 1.12.2-1.16.5 Crack/java/natives/SAPIWrapper_x64.dll
- Size
  
  83KB
- MD5
  
  2675265c0f5baa7483a6b66b7ddd1226
- SHA1
  
  7fdbc1a8a9c0e550e95b7444369529c823f7d24f
- SHA256
  
  241dd8e036a1cd27dfd7bc52027aa5c02528ce5138c5515c4864db723b109731
- SHA512
  
  baf8123edf643cce5eec7457dab131d0906971ff5f8de039bfbb4a5ef22da35a770dfc8809f8731d6fd17c5efcce4cb7605d59a4e4e6688aa417988386463e52
- SSDEEP
  
  1536:i0pQvAZX4pQe0KmVmk/H/SRAqg1wsWjGpRsBQ+8/iJyzfGdc9dlUmcc7BI:i0pRXe1mVhH/SRhI0GpRsBQ+8/iJyzfk
Score

3^/10

discovery
behavioral11 behavioral12
- Target
  
  Nursultan 1.12.2-1.16.5 Crack/java/natives/SAPIWrapper_x86.dll
- Size
  
  69KB
- MD5
  
  41dfbc2efe788a9aa10317c1a1a19f63
- SHA1
  
  d48b1c8b9e20f9e4de21497d6dda1fba2f0d84d1
- SHA256
  
  58488c47b41bed97913e5694a6bbe418dffb4055cb2bda28348b6381a86f98c7
- SHA512
  
  d9fcd723d8fcbb72de571c6196b3771d88c8d12fe843cc6196eb1f733b322d211be419aebf7133c7d1d339205e2a548e306b6c910745688aefcfc0c8a60d23cf
- SSDEEP
  
  1536:QnhkNXcIOIIWXikjzY2Eeq8+Q4fsWZQcdyyyhc2h8xFYD:FIWSkzYTlVJyRh+xF2
Score

3^/10

discovery
behavioral13 behavioral14
- Target
  
  Nursultan 1.12.2-1.16.5 Crack/java/natives/jinput-dx8.dll
- Size
  
  60KB
- MD5
  
  ec587acff9c06d699829908b515ea17e
- SHA1
  
  50348b2958b017df3bf30d7915ab61a4cb9a2b33
- SHA256
  
  89779abf806a93dd809bc7a4914967d0e6924dedf293afd48dd205dbce87d8b8
- SHA512
  
  2a7895d6196e3f1f740982bd4d0daeba255a033c971638e3aebd2cd2233c39f7c8e92c72d2eeb41f8b368d388a3b270fee2cbe219ee239f5d62af9f6f8ed72d7
- SSDEEP
  
  768:2Rj4ZLedvA5Z3cYlqcMOml0V6jY/MDS5TQkuzFqIn1pCDFECBXT7kE:gyLwvA/cYuLpYMSp2zJn330TT
Score

3^/10

discovery
behavioral15 behavioral16
- Target
  
  Nursultan 1.12.2-1.16.5 Crack/java/natives/jinput-dx8_64.dll
- Size
  
  63KB
- MD5
  
  90cab52fca89e7d233741c0439dc2005
- SHA1
  
  5d9a7d3fb6224dab97aaff7bd9430232732d9be8
- SHA256
  
  a38cb458b9e5a246d7418f38ac04430c2e5a3f46b082955d6dfd5d2bd74f4222
- SHA512
  
  041ca3aa3d6560f207d841c8af1939e4e93538fe4f34d74fb9eee003733d98783914c6cbe45022c483a6cfb54f0e4f25013f67851d9ae6e9ea6a8cc158d28936
- SSDEEP
  
  1536:PVt32LOgsg0Vn88QhCuUDhsI0CSS2u4mL5Ie2JQ:H2JsLV88QguUFT9DL5I9JQ
Score

1^/10
behavioral17 behavioral18
- Target
  
  Nursultan 1.12.2-1.16.5 Crack/java/natives/jinput-raw.dll
- Size
  
  58KB
- MD5
  
  0862d141de8b4dd93ac55cd4a1a78b69
- SHA1
  
  4d982f408e815519c2289cd720c78338392a9887
- SHA256
  
  0a8c0b47e173453bd92da224f73a6aff35b07c2db315abaf33e68edbdb147971
- SHA512
  
  c070516f902082c3eda3f19fab6d6a6998442664f1b25d5d4c2229c03b7cac1a2a41d78b98474dfde3514bc206f5fb92e1949627e3e64052e0ed880e3f6a52ad
- SSDEEP
  
  768:YxAM8x3LQmQhccHXx+LHfFCxMJvI/+q9c6LTZsTUkwS9/FE5HBXTWoJCRX:tDI3+jFWTLTiUknG5NT9JMX
Score

3^/10

discovery
behavioral19 behavioral20
- Target
  
  Nursultan 1.12.2-1.16.5 Crack/java/natives/jinput-raw_64.dll
- Size
  
  61KB
- MD5
  
  ffc85e4a631d90112aee8e213cd367cd
- SHA1
  
  067c11135f9ebeb554d5f80b7a8a5244c0f3b7d7
- SHA256
  
  832308f96b1760f2ebc183d1a1771278bb3236e4567dd7a23e1eaecf95f9c03c
- SHA512
  
  376393d9351ad2317bdff831df012ef993039c6bcb0616dec3c91ff1b13568a6f04c3bc8a0f9888aabafa7182513fe5f7fe5fe1fca7f14f64b58414e02bd8c48
- SSDEEP
  
  1536:ZFG7/fQHJY7EJsvjf30G8DbI7RfnBUVEGhM0q2JKmf6:ZFG7QHy7EJsvjfkG8QnByfJKm
Score

1^/10
behavioral21 behavioral22
- Target
  
  Nursultan 1.12.2-1.16.5 Crack/java/natives/jinput-wintab.dll
- Size
  
  55KB
- MD5
  
  7b5d669b490d5737d8a9d1f96274e2e5
- SHA1
  
  e7b9beead279298611d0c4753089d3af07c4c9e9
- SHA256
  
  59201c94eb563025e47fe6b6f5c4dc326f0059d49285e2d3a44482cb60ffc9e2
- SHA512
  
  ac43cfe9e3ef9dc0e1d2e49a8bbba041b5eca0d4822e694031c694f463017f39ad0131b9f689cc30d177bbf0253f6d2942314683c1ab51a54674ad1309baaeff
- SSDEEP
  
  768:gxucOm6iQLZXNvJGgY1mus+XBpkJ3L6GAwk44Rv+1mYxTauAR:ZcZQbzZC8J3LfA0Wk1T4R
Score

3^/10

discovery
behavioral23 behavioral24
- Target
  
  Nursultan 1.12.2-1.16.5 Crack/java/natives/lwjgl.dll
- Size
  
  299KB
- MD5
  
  2644c73a80eb9f9fb7f81a2a5e546642
- SHA1
  
  6f1661fc6952312a9f34dfa6d3840b46e9c85e63
- SHA256
  
  fff711369747e9bb3656d4c5bdee7051bbc13f30abd634418bf40706a25f365c
- SHA512
  
  b67cb978b780fff10df8e610b722b81f7b68168bf4510cfd9406c65182703d8f42fc88820861e73f78ba75cb70d2f29c6b0978d7a02b0d196699c2650d869ae6
- SSDEEP
  
  3072:zd8I6dvi/byiLxRfg6p2ykoDYABr2JFcLN9Z5S0QoY6Pw5W+LMm002eunkmKq/XD:zqrd+DT2gLN9HKlmKqz
Score

3^/10

discovery
behavioral25 behavioral26
- Target
  
  Nursultan 1.12.2-1.16.5 Crack/java/natives/lwjgl64.dll
- Size
  
  310KB
- MD5
  
  0b9fcfbd6d44e4d83605cc35171668c8
- SHA1
  
  f4013116d6750829851370ed19a9eaf8251ad6e1
- SHA256
  
  ebdcedbc3e24b911aacd7bb666ab426397ca7d7883a8d4e3cf28946041c95425
- SHA512
  
  e920e284f47f888d10cac45ec8775e58481f5a8c2316d3fa01ff1e7b1bb63c64d2d0850b2da8fd040727b969d3b3f9b85afbd86b6cbfaecca580b853a1499f59
- SSDEEP
  
  3072:Jy6nSomUPQukwpSor62AIiGYIR2LGPHc0Ul+S4KQdw6tqYKVFlCh7NZqSEgbh:JciFkwpL2DI0yPHTw6tVKYr
Score

1^/10
behavioral27 behavioral28

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28