xworm | 0a0a6608a80b982fc1f0897b89c9ffa58ba58e3c2d1c200155e47c495b0c6150 | Triage

Submit
Reports

Overview

overview

Static

static

1

0a0a6608a8...50.cmd

windows7-x64

1

0a0a6608a8...50.cmd

windows10-2004-x64

Sharing

General

Target

0a0a6608a80b982fc1f0897b89c9ffa58ba58e3c2d1c200155e47c495b0c6150.cmd
Size

500KB
Sample

240701-bcv57svark
MD5

6e45850d43bde1d6bc68ab6b07daf153
SHA1

427ed64bb89e6bf40e59276768d37152c209e976
SHA256

0a0a6608a80b982fc1f0897b89c9ffa58ba58e3c2d1c200155e47c495b0c6150
SHA512

e44ea25026d2146991e61eb82ed6028af248fb9235b271f665943b432833e3274a3e9ae9ffc912436b294e6a450337cbd251daafad11c926a41cc942042b4f81
SSDEEP

12288:Co8xbtgA4f9Ek3aoC4QvfD2ZK1n6B4XyZYi9lGUnnQ:Co8NtsaCm1nhqD9ginQ

Score

10^/10

xworm execution rat trojan

Static task

static1

Behavioral task

behavioral1

Sample

0a0a6608a80b982fc1f0897b89c9ffa58ba58e3c2d1c200155e47c495b0c6150.cmd

Resource

win7-20240419-en

windows7-x64

1 signatures

150 seconds

Behavioral task

behavioral2

Sample

0a0a6608a80b982fc1f0897b89c9ffa58ba58e3c2d1c200155e47c495b0c6150.cmd

Resource

win10v2004-20240226-en

xworm execution rat trojan

windows10-2004-x64

6 signatures

150 seconds

Malware Config

Extracted

Family

xworm

Version

5.0

C2

korkos.now-dns.net:999

Mutex

PloDJK2PhSuWy8rU

Attributes

install_file
USB.exe

aes.plain

Targets

- Target
  
  0a0a6608a80b982fc1f0897b89c9ffa58ba58e3c2d1c200155e47c495b0c6150.cmd
- Size
  
  500KB
- MD5
  
  6e45850d43bde1d6bc68ab6b07daf153
- SHA1
  
  427ed64bb89e6bf40e59276768d37152c209e976
- SHA256
  
  0a0a6608a80b982fc1f0897b89c9ffa58ba58e3c2d1c200155e47c495b0c6150
- SHA512
  
  e44ea25026d2146991e61eb82ed6028af248fb9235b271f665943b432833e3274a3e9ae9ffc912436b294e6a450337cbd251daafad11c926a41cc942042b4f81
- SSDEEP
  
  12288:Co8xbtgA4f9Ek3aoC4QvfD2ZK1n6B4XyZYi9lGUnnQ:Co8NtsaCm1nhqD9ginQ
Score

10^/10

xworm execution rat trojan
- Detect Xworm Payload
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

xwormexecutionrattrojan

© 2018-2024

Terms | Privacy