xworm | 5af52c3ffabb33cb0cfb8d0a501267dc5102d46e840aa15c7316b07ec08da258 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

250520-1ptkksxnz8.bin
Size

33KB
Sample

250520-1q4f6sxpt3
MD5

a15541867e29db90e388b8e3f64210ab
SHA1

ff705442e7047a1f8b984dabba3389fb29a774f2
SHA256

5af52c3ffabb33cb0cfb8d0a501267dc5102d46e840aa15c7316b07ec08da258
SHA512

48667fe745863a6cbed8f6b2da1c74b443a3ceec0eb9869cfa4e598f458b17cc0f840a5f38cc6cb823cb3cc752091730b55d3ddc27ed6d5abf8ef32591e4f805
SSDEEP

384:9B9DoGfK6VkuLNUaN6sd6+fpehz5JpkFy7BLThOZwxJmTv99IkcisfH6xOjhDI0G:5DlfKZKNUaJRp8eFy29FROjhE0jy

Score

10^/10

xworm rat trojan

Malware Config

Extracted

Family

xworm

Version

5.0

Mutex

zvPgopnwRBeLqFpF

Attributes

install_file
USB.exe
pastebin_url
https://pastebin.com/raw/8b1GW10U

aes.plain

Targets

- Target
  
  250520-1ptkksxnz8.bin
- Size
  
  33KB
- MD5
  
  a15541867e29db90e388b8e3f64210ab
- SHA1
  
  ff705442e7047a1f8b984dabba3389fb29a774f2
- SHA256
  
  5af52c3ffabb33cb0cfb8d0a501267dc5102d46e840aa15c7316b07ec08da258
- SHA512
  
  48667fe745863a6cbed8f6b2da1c74b443a3ceec0eb9869cfa4e598f458b17cc0f840a5f38cc6cb823cb3cc752091730b55d3ddc27ed6d5abf8ef32591e4f805
- SSDEEP
  
  384:9B9DoGfK6VkuLNUaN6sd6+fpehz5JpkFy7BLThOZwxJmTv99IkcisfH6xOjhDI0G:5DlfKZKNUaJRp8eFy29FROjhE0jy
Score

10^/10

xworm rat trojan
- Detect Xworm Payload
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- Xworm family
  xworm
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v16

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2