xworm | df2ffecdfecc6eec6cbb8f28d193257c99cf22a9204a95f2a6b7d4ca3504276d | Triage

Sharing

General

Target

df2ffecdfecc6eec6cbb8f28d193257c99cf22a9204a95f2a6b7d4ca3504276d.ps1
Size

46B
Sample

250307-sj5rnasnz6
MD5

add1b58cd122ee7a1807d8634099b1f2
SHA1

0b9e55fdf1906c81f367afbcb8efac8a526e089c
SHA256

df2ffecdfecc6eec6cbb8f28d193257c99cf22a9204a95f2a6b7d4ca3504276d
SHA512

412a24c206a1eedb8b15bad330306bbb8f5f23df66a53da231aca836f8ec684729f655d05c2c3f94f5f101ee7a2a74b8da6f7f2f01772ffe0dea8182d5a26a07

Score

10^/10

xworm execution rat trojan

Malware Config

Extracted

Family

xworm

Version

5.0

C2

193.32.177.63:6000

Mutex

wwD0bshguVCRSd3k

Attributes

install_file
USB.exe
telegram
https://api.telegram.org/bot7238632531:AAGCQZAh03hAwOcuP9HUeoAP5AQV0o0tp24/sendMessage?chat_id=8080837794

aes.plain

Targets

- Target
  
  df2ffecdfecc6eec6cbb8f28d193257c99cf22a9204a95f2a6b7d4ca3504276d.ps1
- Size
  
  46B
- MD5
  
  add1b58cd122ee7a1807d8634099b1f2
- SHA1
  
  0b9e55fdf1906c81f367afbcb8efac8a526e089c
- SHA256
  
  df2ffecdfecc6eec6cbb8f28d193257c99cf22a9204a95f2a6b7d4ca3504276d
- SHA512
  
  412a24c206a1eedb8b15bad330306bbb8f5f23df66a53da231aca836f8ec684729f655d05c2c3f94f5f101ee7a2a74b8da6f7f2f01772ffe0dea8182d5a26a07
Score

10^/10

execution xworm rat trojan
- Detect Xworm Payload
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- Xworm family
  xworm
- Blocklisted process makes network request
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

xwormexecutionrattrojan