xworm | c29d978e33e1d80eb188cff6ebebd0a576480871a0c173f8132a7b14383a50a9 | Triage

Sharing

General

Target

SecuriteInfo.com.InjectorX-gen.27630.11355.exe
Size

5.5MB
Sample

250406-g6rb1asygz
MD5

d66272143362242811fc9849c98b47b5
SHA1

17194970bbfe4ef0402f413fce909c3ae57e5342
SHA256

c29d978e33e1d80eb188cff6ebebd0a576480871a0c173f8132a7b14383a50a9
SHA512

9aa0267466e63c69c651a5ffd9fb0ea8285bcf7f6b6a2d72d53e8af04c8077aca2b4839d5721a9ec4a3a55a4a6675cc4e1a9950ae4f85e67bf9b6e19d1a772dd
SSDEEP

98304:BRz6DQoEsUW47FR0mk3V0fCYe4mb5l74eZN:6DQoEsUW4wD3V0aYe/D

Score

10^/10

xworm discovery rat trojan

Malware Config

Extracted

Family

xworm

Version

5.0

C2

127.0.0.1:9000

45.134.39.20:9000

Mutex

oV8zKY7m1pKloRzQ

Attributes

install_file
USB.exe

aes.plain

Targets

- Target
  
  SecuriteInfo.com.InjectorX-gen.27630.11355.exe
- Size
  
  5.5MB
- MD5
  
  d66272143362242811fc9849c98b47b5
- SHA1
  
  17194970bbfe4ef0402f413fce909c3ae57e5342
- SHA256
  
  c29d978e33e1d80eb188cff6ebebd0a576480871a0c173f8132a7b14383a50a9
- SHA512
  
  9aa0267466e63c69c651a5ffd9fb0ea8285bcf7f6b6a2d72d53e8af04c8077aca2b4839d5721a9ec4a3a55a4a6675cc4e1a9950ae4f85e67bf9b6e19d1a772dd
- SSDEEP
  
  98304:BRz6DQoEsUW47FR0mk3V0fCYe4mb5l74eZN:6DQoEsUW4wD3V0aYe/D
Score

10^/10

xworm discovery rat trojan
- Detect Xworm Payload
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- Xworm family
  xworm
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xwormdiscoveryrattrojan