xworm | dd72ca01f027c7e78eddab85ae78a2e5dadf0448efb881eee83ae58d78e6683a | Triage

Sharing

General

Target

XClient.exe
Size

32KB
Sample

250306-s5msza11ex
MD5

488edd77586b5974047f6306f2fa76c6
SHA1

0d8954f5f4afb1715dc9f1bb2881a9f2f3b9f294
SHA256

dd72ca01f027c7e78eddab85ae78a2e5dadf0448efb881eee83ae58d78e6683a
SHA512

50ca70a8bb167e8054ed3bdcfc83c588851719f8d3935b4e7041031a23e45be157c2920672a8792eeac3121ab3e3f826c46f9a54cb3e7a3288e40ecf7921c1ba
SSDEEP

384:/YxRXcrP31VZBELRUnvJff3cdiwJVARJpkFTBLToOZwxJd2v99IkuisO3VFxOjhH:DPjgRevJ3cdXVAGF/9jpOjhTbf

Score

10^/10

xworm rat trojan

Malware Config

Extracted

Family

xworm

Version

5.0

Mutex

7nuSUIfQmPuMEcMT

Attributes

install_file
USB.exe
pastebin_url
https://pastebin.com/raw/4zaiEtZS

aes.plain

Targets

- Target
  
  XClient.exe
- Size
  
  32KB
- MD5
  
  488edd77586b5974047f6306f2fa76c6
- SHA1
  
  0d8954f5f4afb1715dc9f1bb2881a9f2f3b9f294
- SHA256
  
  dd72ca01f027c7e78eddab85ae78a2e5dadf0448efb881eee83ae58d78e6683a
- SHA512
  
  50ca70a8bb167e8054ed3bdcfc83c588851719f8d3935b4e7041031a23e45be157c2920672a8792eeac3121ab3e3f826c46f9a54cb3e7a3288e40ecf7921c1ba
- SSDEEP
  
  384:/YxRXcrP31VZBELRUnvJff3cdiwJVARJpkFTBLToOZwxJd2v99IkuisO3VFxOjhH:DPjgRevJ3cdXVAGF/9jpOjhTbf
Score

10^/10

xworm rat trojan
- Detect Xworm Payload
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- Xworm family
  xworm
- Legitimate hosting services abused for malware hosting/C2
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1