xworm | 079d337d66f2075d4e16ae95de3a5afdaa053f69a662fb21e6b6abfb28efb82a | Triage

Submit
Reports

Overview

overview

Static

static

1

decoded_17264d9b.ps1

windows7-x64

1

decoded_17264d9b.ps1

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

decoded_17264d9b.ps1
Size

604KB
Sample

240423-akq1saaa47
MD5

09dd542e53d7f48b5a3d60032e954d35
SHA1

508513c1ab6332e8379bea6e078a206a36ab1df5
SHA256

079d337d66f2075d4e16ae95de3a5afdaa053f69a662fb21e6b6abfb28efb82a
SHA512

6baba1dc00a68a39e428fdd243414614437aac08fb619317155d12c780b9ed4a1a0d598ba45d9ba25c5dba12fbfe056e878a46c7b41469c125347ebd27b35a0b
SSDEEP

12288:7Tc6KAxcKt/GV5Xrh8jcN9pG021bOMbL/GfDvJUwXW9:EeHunbY6S5OZzmD

Score

10^/10

xworm rat trojan

Static task

static1

Behavioral task

behavioral1

Sample

decoded_17264d9b.ps1

Resource

win7-20240215-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral2

Sample

decoded_17264d9b.ps1

Resource

win10v2004-20240412-en

xworm rat trojan

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Extracted

Family

xworm

Version

5.0

C2

dcxwq1.duckdns.org:7000

Mutex

l3S37X5v6MhQ1Jg4

Attributes

install_file
USB.exe

aes.plain

Targets

- Target
  
  decoded_17264d9b.ps1
- Size
  
  604KB
- MD5
  
  09dd542e53d7f48b5a3d60032e954d35
- SHA1
  
  508513c1ab6332e8379bea6e078a206a36ab1df5
- SHA256
  
  079d337d66f2075d4e16ae95de3a5afdaa053f69a662fb21e6b6abfb28efb82a
- SHA512
  
  6baba1dc00a68a39e428fdd243414614437aac08fb619317155d12c780b9ed4a1a0d598ba45d9ba25c5dba12fbfe056e878a46c7b41469c125347ebd27b35a0b
- SSDEEP
  
  12288:7Tc6KAxcKt/GV5Xrh8jcN9pG021bOMbL/GfDvJUwXW9:EeHunbY6S5OZzmD
Score

10^/10

xworm rat trojan
- Detect Xworm Payload
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

© 2018-2025

Terms | Privacy