General
-
Target
XWorm V5.6.rar
-
Size
22.8MB
-
Sample
250324-wrtadaxly9
-
MD5
4aa656911a46847468e480e74f37ae67
-
SHA1
340062970bc70a29707470afc0e66ebc9e1b507e
-
SHA256
3dcf82a5dcd4001b480d8f66c5fcf909c4ebfa1bb5a1d0870f93a0d571e1e522
-
SHA512
b5917ede96fe387b854a0dbb0458417107c8aa49d8e1beea75f64bb3745dde3eaf440b2a050ae88f944469fcdd31ef9492d5b3fa5c4a8312628480e1fa22cde2
-
SSDEEP
393216:3Q1PVYEBgaO7X32A4SM063jkxjeyYJTij/OzPj0uBki7X5urBRxPPS13LmVBXa:A1BmaO7X319Mr3jYeySTiTODj0uywX8G
Behavioral task
behavioral1
Sample
XWorm V5.6.rar
Resource
win11-20250314-en
Malware Config
Targets
-
-
Target
XWorm V5.6.rar
-
Size
22.8MB
-
MD5
4aa656911a46847468e480e74f37ae67
-
SHA1
340062970bc70a29707470afc0e66ebc9e1b507e
-
SHA256
3dcf82a5dcd4001b480d8f66c5fcf909c4ebfa1bb5a1d0870f93a0d571e1e522
-
SHA512
b5917ede96fe387b854a0dbb0458417107c8aa49d8e1beea75f64bb3745dde3eaf440b2a050ae88f944469fcdd31ef9492d5b3fa5c4a8312628480e1fa22cde2
-
SSDEEP
393216:3Q1PVYEBgaO7X32A4SM063jkxjeyYJTij/OzPj0uBki7X5urBRxPPS13LmVBXa:A1BmaO7X319Mr3jYeySTiTODj0uywX8G
-
Detect Xworm Payload
-
Njrat family
-
Xworm family
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Modifies Windows Firewall
-
.NET Reactor proctector
Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.
-
Executes dropped EXE
-
Adds Run key to start application
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Execution
Command and Scripting Interpreter
1PowerShell
1Scheduled Task/Job
1Scheduled Task
1Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1Scheduled Task/Job
1Scheduled Task
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1Scheduled Task/Job
1Scheduled Task
1Defense Evasion
Impair Defenses
1Disable or Modify System Firewall
1Modify Registry
1