xworm | 4f43e8d90f82a6556d354a707fcbd355528755c0089e254ad249694855f26047 | Triage

Sharing

General

Target

aliu1.ps1
Size

1.6MB
Sample

250307-sknjrsssbs
MD5

4a319c9e02e40a2b6e8351b8a29fce00
SHA1

8402349210dbc3878be22625c374b821d148d70b
SHA256

4f43e8d90f82a6556d354a707fcbd355528755c0089e254ad249694855f26047
SHA512

abecb6b8b3fbcc7b67e7a5cb3da0dda9309e4f0044da79206e818db718d7cea73202704ba9f1ae6c928e11e26b832cae8dca932688373bea76af4e4346b2f5be
SSDEEP

24576:vfyaQV6q4wOViv+ZinOIHtr1bqeNhI2LXteG4UGG28mcbYAJfQUKw4wNgUQkcf3o:ePOViycbrWg974PGhbZCwNc6uu

Score

10^/10

xworm execution rat trojan

Malware Config

Extracted

Family

xworm

Version

5.0

C2

193.32.177.63:6000

Mutex

wwD0bshguVCRSd3k

Attributes

install_file
USB.exe
telegram
https://api.telegram.org/bot7238632531:AAGCQZAh03hAwOcuP9HUeoAP5AQV0o0tp24/sendMessage?chat_id=8080837794

aes.plain

Targets

- Target
  
  aliu1.ps1
- Size
  
  1.6MB
- MD5
  
  4a319c9e02e40a2b6e8351b8a29fce00
- SHA1
  
  8402349210dbc3878be22625c374b821d148d70b
- SHA256
  
  4f43e8d90f82a6556d354a707fcbd355528755c0089e254ad249694855f26047
- SHA512
  
  abecb6b8b3fbcc7b67e7a5cb3da0dda9309e4f0044da79206e818db718d7cea73202704ba9f1ae6c928e11e26b832cae8dca932688373bea76af4e4346b2f5be
- SSDEEP
  
  24576:vfyaQV6q4wOViv+ZinOIHtr1bqeNhI2LXteG4UGG28mcbYAJfQUKw4wNgUQkcf3o:ePOViycbrWg974PGhbZCwNc6uu
Score

10^/10

execution xworm rat trojan
- Detect Xworm Payload
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- Xworm family
  xworm
- Blocklisted process makes network request
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

xwormexecutionrattrojan