xworm | bb7746771375e01fdcf8b68b46c17427c18a0df1db5b08e87c2739eed0fc1a02 | Triage

Submit
Reports

Overview

overview

Static

static

3

nates macro.exe

windows7-x64

8

nates macro.exe

windows10-2004-x64

Sharing

General

Target

nates macro.exe
Size

10.2MB
Sample

240701-h2wllasdjn
MD5

0abc92aa1ed1a37ee69430aad29db0cf
SHA1

b643f7deb310534a498a2ab0d6e3003d32f1a531
SHA256

bb7746771375e01fdcf8b68b46c17427c18a0df1db5b08e87c2739eed0fc1a02
SHA512

da719082c32f6d41c5c918a341532f1d0aac1a1bcc4c1b50cbeca6ef48731b909f6c255650eeae45530cca782bdc5bcd453117f5475f9b081bfa524f8a6eccdd
SSDEEP

196608:/7PiafrD8T87vHkX4FOLnp7rhi1NeFI3Bnefve5747TxOFDhk:/7hri87f1Fu7liT3COGTxo+

Score

10^/10

xworm execution rat trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

nates macro.exe

Resource

win7-20240508-en

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

nates macro.exe

Resource

win10v2004-20240226-en

xworm execution rat trojan

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Extracted

Family

xworm

Version

5.0

C2

amount-socket.gl.at.ply.gg:29643

Mutex

CBOJbsqFCwukBOQm

Attributes

install_file
USB.exe

aes.plain

Targets

- Target
  
  nates macro.exe
- Size
  
  10.2MB
- MD5
  
  0abc92aa1ed1a37ee69430aad29db0cf
- SHA1
  
  b643f7deb310534a498a2ab0d6e3003d32f1a531
- SHA256
  
  bb7746771375e01fdcf8b68b46c17427c18a0df1db5b08e87c2739eed0fc1a02
- SHA512
  
  da719082c32f6d41c5c918a341532f1d0aac1a1bcc4c1b50cbeca6ef48731b909f6c255650eeae45530cca782bdc5bcd453117f5475f9b081bfa524f8a6eccdd
- SSDEEP
  
  196608:/7PiafrD8T87vHkX4FOLnp7rhi1NeFI3Bnefve5747TxOFDhk:/7hri87f1Fu7liT3COGTxo+
Score

10^/10

execution xworm rat trojan
- Detect Xworm Payload
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

xwormexecutionrattrojan

© 2018-2024

Terms | Privacy