xworm

Resubmissions

08/03/2025, 18:53

250308-xjvc5s1mv8 10

08/03/2025, 18:45

250308-xd9wms1tas 10

08/03/2025, 18:43

250308-xdeeqs1shv 10

Sharing

Copy URL

Twitter E-mail

General

Target

WindowsApp1.exe
Size

107KB
Sample

250308-xjvc5s1mv8
MD5

1e24ff2359051f6c6a41809c4b9ebbf4
SHA1

a422a0a2b3ec9d9fd588eee0c8abdc11e7da3b30
SHA256

8d51377fe043255945425c46ce9a964083da47dd78c841da3836558a6c40b831
SHA512

9a7f86d428941d43d768b69feeb523b7e9def3b7e6924ec50dfad68556a52f0f4ffa62f59b52b6d1ebef3302f338b099cfd4a924f2d270e4f824aef408c22de8
SSDEEP

1536:TMCOo9HbpuW+LpyOQGTrePk5QgKYXsIpsd0tiA/EdipjNd+FXwD+X4vBr52WBHPa:TaGcoCoonMyBBzvBXvWjOVY

Score

10^/10

Malware Config

Extracted

Family

xworm

Version

3.1

any-attraction.gl.at.ply.gg:27770

Mutex

B33wn5oKUxMok1Li

Attributes

install_file
USB.exe

aes.plain

Extracted

Family

xworm

council-wars.gl.at.ply.gg:19994

Attributes

Install_directory
%AppData%
install_file
USB.exe

Targets

- Target
  
  WindowsApp1.exe
- Size
  
  107KB
- MD5
  
  1e24ff2359051f6c6a41809c4b9ebbf4
- SHA1
  
  a422a0a2b3ec9d9fd588eee0c8abdc11e7da3b30
- SHA256
  
  8d51377fe043255945425c46ce9a964083da47dd78c841da3836558a6c40b831
- SHA512
  
  9a7f86d428941d43d768b69feeb523b7e9def3b7e6924ec50dfad68556a52f0f4ffa62f59b52b6d1ebef3302f338b099cfd4a924f2d270e4f824aef408c22de8
- SSDEEP
  
  1536:TMCOo9HbpuW+LpyOQGTrePk5QgKYXsIpsd0tiA/EdipjNd+FXwD+X4vBr52WBHPa:TaGcoCoonMyBBzvBXvWjOVY
Score

10^/10

xworm discovery rat trojan
- Detect Xworm Payload
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- Xworm family
  xworm
- Downloads MZ/PE file
- Executes dropped EXE
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Tasks

Resubmissions

Sharing

General

Malware Config

Extracted

Extracted

Targets

Detect Xworm Payload

Xworm family

Downloads MZ/PE file

Executes dropped EXE

Legitimate hosting services abused for malware hosting/C2

Looks up external IP address via web service

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2