xworm | 2b1f83d93f96ff93fd6f408b1ae52a9cc3d1fad917db88c887a07e039f7beaae | Triage

Submit
Reports

Overview

overview

Static

static

1

py.ps1

windows7-x64

1

py.ps1

windows10-2004-x64

Sharing

General

Target

py.ps1
Size

3.0MB
Sample

240422-myzajaae7y
MD5

ac9dc593ee7a0648490fba31ab3a0f41
SHA1

dbd75036dff187bb000a843f48f890d6d0581162
SHA256

2b1f83d93f96ff93fd6f408b1ae52a9cc3d1fad917db88c887a07e039f7beaae
SHA512

55af405a0d328f536d7b88e14aa463fb45e11c929d085a3a7f99e6e26101078eb6bb6ba5e919ba3df3417c68400dbf7f3d08960f7987ad0d3c9d6667d5bd1544
SSDEEP

24576:5Vm+wL72rNiCumobcPioNJBrs54nSACpgjtI6l+UFwHA2/vU31SPKwJZC6nT+:j0Y

Score

10^/10

xworm rat trojan

Static task

static1

Behavioral task

behavioral1

Sample

py.ps1

Resource

win7-20231129-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral2

Sample

py.ps1

Resource

win10v2004-20240226-en

xworm rat trojan

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Extracted

Family

xworm

Version

5.0

C2

dcxwq1.duckdns.org:7000

Mutex

KuxjcUwK7YR0UBzc

Attributes

install_file
USB.exe

aes.plain

Targets

- Target
  
  py.ps1
- Size
  
  3.0MB
- MD5
  
  ac9dc593ee7a0648490fba31ab3a0f41
- SHA1
  
  dbd75036dff187bb000a843f48f890d6d0581162
- SHA256
  
  2b1f83d93f96ff93fd6f408b1ae52a9cc3d1fad917db88c887a07e039f7beaae
- SHA512
  
  55af405a0d328f536d7b88e14aa463fb45e11c929d085a3a7f99e6e26101078eb6bb6ba5e919ba3df3417c68400dbf7f3d08960f7987ad0d3c9d6667d5bd1544
- SSDEEP
  
  24576:5Vm+wL72rNiCumobcPioNJBrs54nSACpgjtI6l+UFwHA2/vU31SPKwJZC6nT+:j0Y
Score

10^/10

xworm rat trojan
- Detect Xworm Payload
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

© 2018-2025

Terms | Privacy