General
-
Target
https://github.com/HYDRO-cel/HDRYO/releases/download/executor/BootstrapperNew.exe
-
Sample
250307-jrvf8axkz8
Score
10/10
Malware Config
Extracted
Family
xworm
Version
5.0
C2
october-casting.gl.at.ply.gg:46322
Mutex
DjMsEa9sMnX3gxE4
Attributes
-
Install_directory
%Userprofile%
-
install_file
XClient.exe
aes.plain
Targets
-
-
Target
https://github.com/HYDRO-cel/HDRYO/releases/download/executor/BootstrapperNew.exe
Score10/10-
Detect Xworm Payload
-
Xworm
Xworm is a remote access trojan written in C#.
-
Xworm family
-
Downloads MZ/PE file
-
Drops startup file
-
Executes dropped EXE
-
Adds Run key to start application
-
Sets desktop wallpaper using registry
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Scheduled Task/Job
1Scheduled Task
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Scheduled Task/Job
1Scheduled Task
1Defense Evasion
Modify Registry
2Subvert Trust Controls
1SIP and Trust Provider Hijacking
1