xworm | 187705ffd7c26b278ddc9af5b9a6fec11cc722aa73cc2faa0d4bdc30cf0ad040 | Triage

Submit
Reports

Overview

overview

Static

static

3

payload.dll

windows7-x64

1

payload.dll

windows10-2004-x64

Sharing

General

Target

d8fa975de692d69da160564073e68a07.bin
Size

222KB
Sample

231012-vjypfsfa68
MD5

502120d26f68e34b88c0bf1a863b6d59
SHA1

646e49923b123f062598e20e674c965f39806720
SHA256

187705ffd7c26b278ddc9af5b9a6fec11cc722aa73cc2faa0d4bdc30cf0ad040
SHA512

e05c79545e7b8af317ca36b01d3a35bab33cf6867eee3594d590eba86c848e69730959e853332bbf7ec38dd5e5e473dda6b8558aed0e9c5d501a8029c387eb9e
SSDEEP

6144:2jCsUwbrJD1N2fg+pbt4BMPVL/MDAsrQW96o87RJDixUdFC:9sPbd3+pp4+PVCAOQQ6l7PDiEFC

Score

10^/10

xworm rat trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

payload.dll

Resource

win7-20230831-en

windows7-x64

1 signatures

150 seconds

Behavioral task

behavioral2

Sample

payload.dll

Resource

win10v2004-20230915-en

xworm rat trojan

windows10-2004-x64

6 signatures

150 seconds

Malware Config

Extracted

Family

xworm

Version

3.1

C2

154.53.51.233:8909

Mutex

3mkAT1e3lovqw1bd

Attributes

install_file
USB.exe

aes.plain

Targets

- Target
  
  payload.dll
- Size
  
  400.0MB
- MD5
  
  bf3478e111a78fe95787810b0b14df2f
- SHA1
  
  c46b0acd52996134f8c670863022f785364dc9c9
- SHA256
  
  24b2739b4e61c486554efb03e491cff9bde52b5f6bcf785c7784ab77fef9d0b2
- SHA512
  
  dc74c821914d49bc5536f7b71d279ecf1b4472fb3095b2853aabdc8b3e4fc1128badbdbdd1e06ee324a3db38d6a3c78054467aa7a51ac76fabe289ef13c819d8
- SSDEEP
  
  6144:eUA+z1A+PNVjAz95rop77Qc3YAkLnfKJrH6MuzMy4:eQA/95s7LEW76
Score

10^/10

xworm rat trojan
- Detect Xworm Payload
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

© 2018-2025

Terms | Privacy