stormkitty | 7c431981e1962c71f936fc53951982071462f853f53c92dc3d4103ee5e3efe70 | Triage

Submit
Reports

Overview

overview

Static

static

XWorm V5.6.7z

windows10-ltsc_2021-x64

Resubmissions

28/03/2025, 18:40

250328-xbc4wszva1 10

27/03/2025, 22:53

250327-2vav4a1px4 10

Sharing

General

Target

XWorm V5.6.7z
Size

18.5MB
Sample

250328-xbc4wszva1
MD5

ea35b74bbe3cf8de1ddbd5ab10ada9b1
SHA1

6f20dd8865e84581ddfa7d4666bffeb812f2deed
SHA256

7c431981e1962c71f936fc53951982071462f853f53c92dc3d4103ee5e3efe70
SHA512

d9296919eec861a1e8ea72b5d590e8d6092a188208bda0f17ebb52744fbb702391022d25a51bbea041eb4db9f9d8c48ac3a0a2b14c4a5ed792c2914a7b657504
SSDEEP

393216:ACEYC65G+SwHO1JoCzXq5i+dDmpu06beWxEkNgwTZDZerBjkDGp5:6YC65G1wHezB+Ypt6beWES6rBjkDGp5

Score

10^/10

stormkitty xworm discovery ransomware rat trojan

Static task

static1

stormkitty xworm

6 signatures

Behavioral task

behavioral1

Sample

XWorm V5.6.7z

Resource

win10ltsc2021-20250314-en

xworm discovery ransomware rat trojan

windows10-ltsc_2021-x64

22 signatures

150 seconds

Malware Config

Extracted

Family

xworm

Version

5.0

C2

127.0.0.1:7000

Mutex

NWHLT6fwM3jt5tc9

Attributes

install_file
USB.exe

aes.plain

Targets

- Target
  
  XWorm V5.6.7z
- Size
  
  18.5MB
- MD5
  
  ea35b74bbe3cf8de1ddbd5ab10ada9b1
- SHA1
  
  6f20dd8865e84581ddfa7d4666bffeb812f2deed
- SHA256
  
  7c431981e1962c71f936fc53951982071462f853f53c92dc3d4103ee5e3efe70
- SHA512
  
  d9296919eec861a1e8ea72b5d590e8d6092a188208bda0f17ebb52744fbb702391022d25a51bbea041eb4db9f9d8c48ac3a0a2b14c4a5ed792c2914a7b657504
- SSDEEP
  
  393216:ACEYC65G+SwHO1JoCzXq5i+dDmpu06beWxEkNgwTZDZerBjkDGp5:6YC65G1wHezB+Ypt6beWES6rBjkDGp5
Score

10^/10

xworm discovery ransomware rat trojan
- Contains code to disable Windows Defender
  A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.
- Detect Xworm Payload
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- Xworm family
  xworm
- Executes dropped EXE
- Uses the VBS compiler for execution
- Sets desktop wallpaper using registry
  ransomware
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Defacement

Tasks

static1

stormkittyxworm

behavioral1

xwormdiscoveryransomwarerattrojan

© 2018-2025

Terms | Privacy