xworm | 65c98bb84510c6ef706ab17912ecaafcc433b49a7c6c10efb02cfdfe4cb0ba47 | Triage

Submit
Reports

Overview

overview

Static

static

3

AVPGameProtect.exe

windows7-x64

AVPGameProtect.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

AVPGameProtect.exe
Size

2.0MB
Sample

231016-c2l49sbc4v
MD5

ae8302cc3743e0cf591462ff99323b48
SHA1

a22a1376581511399d1ba6c19b9adf353b9a8deb
SHA256

65c98bb84510c6ef706ab17912ecaafcc433b49a7c6c10efb02cfdfe4cb0ba47
SHA512

e27cf857ca75c5f2e07e15c9024255ad820ef958e2600a227b33949f70dafbd9a0159adc1146899a6c48e20a5627e161ca4aac74077a9206a5b4d8329f9ae392
SSDEEP

49152:CQIG3ye106F68OmKm9lsACXfgWmG+HYRTu:0QABLqsAUDmG+5

Score

10^/10

xworm ransomware rat trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

AVPGameProtect.exe

Resource

win7-20230831-en

xworm ransomware rat trojan

windows7-x64

16 signatures

150 seconds

Behavioral task

behavioral2

Sample

AVPGameProtect.exe

Resource

win10v2004-20230915-en

xworm ransomware rat trojan

windows10-2004-x64

19 signatures

150 seconds

Malware Config

Extracted

Family

xworm

Version

5.0

C2

fee-harmful.gl.at.ply.gg:41934

Mutex

9khqHSoKPdVOFMVm

Attributes

Install_directory
%AppData%
install_file
USB.exe

aes.plain

Targets

- Target
  
  AVPGameProtect.exe
- Size
  
  2.0MB
- MD5
  
  ae8302cc3743e0cf591462ff99323b48
- SHA1
  
  a22a1376581511399d1ba6c19b9adf353b9a8deb
- SHA256
  
  65c98bb84510c6ef706ab17912ecaafcc433b49a7c6c10efb02cfdfe4cb0ba47
- SHA512
  
  e27cf857ca75c5f2e07e15c9024255ad820ef958e2600a227b33949f70dafbd9a0159adc1146899a6c48e20a5627e161ca4aac74077a9206a5b4d8329f9ae392
- SSDEEP
  
  49152:CQIG3ye106F68OmKm9lsACXfgWmG+HYRTu:0QABLqsAUDmG+5
Score

10^/10

xworm ransomware rat trojan
- Detect Xworm Payload
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Sets desktop wallpaper using registry
  ransomware
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Defacement

Tasks

static1

behavioral1

xwormransomwarerattrojan

behavioral2

xwormransomwarerattrojan

© 2018-2025

Terms | Privacy