xworm

General

Target

https://cdn.discordapp.com/attachments/1337991571500568716/1347929751221833809/TESTT.exe?ex=67cd9ce8&is=67cc4b68&hm=ddb1e26b0afd306f4ffaf8a5ab670be3407a8bb8f599ebd5896c9466c18de40c&
Sample

250308-q6gl8sxzcs

Score

10^/10

Malware Config

Extracted

Family

xworm

Attributes

Install_directory
%port%
install_file
USB.exe
pastebin_url
https://pastebin.com/raw/cSnNDAPb

Targets

- Target
  
  https://cdn.discordapp.com/attachments/1337991571500568716/1347929751221833809/TESTT.exe?ex=67cd9ce8&is=67cc4b68&hm=ddb1e26b0afd306f4ffaf8a5ab670be3407a8bb8f599ebd5896c9466c18de40c&
Score

10^/10

xworm discovery rat trojan
- Detect Xworm Payload
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- Xworm family
  xworm
- Downloads MZ/PE file
- Executes dropped EXE
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Detect Xworm Payload

Xworm family

Downloads MZ/PE file

Executes dropped EXE

Looks up external IP address via web service

MITRE ATT&CK Enterprise v15

Tasks

static1

urlscan1

behavioral1