xworm | 72db350204141827d99c4938c7e38d101e1a2d74250463070a1edbf4e49350bd | Triage

Submit
Reports

Overview

overview

Static

static

3

72db350204...bd.exe

windows7-x64

72db350204...bd.exe

windows10-2004-x64

Sharing

General

Target

72db350204141827d99c4938c7e38d101e1a2d74250463070a1edbf4e49350bd.exe
Size

726KB
Sample

240615-b5xjqsydll
MD5

041f9aff555780cf8970f612fb828b4d
SHA1

77634783fb1bf44c137aac5e79b95526810df240
SHA256

72db350204141827d99c4938c7e38d101e1a2d74250463070a1edbf4e49350bd
SHA512

dad68396b3cafda7575b64d37c77caac60a0ebc3a6e4e80466aeb5b0d12b8d0aaea0042aafdb75ec42235e011f633edec17041bf72f80f94a6377a1a25c0337c
SSDEEP

6144:vrAtoxsgGHIB8FnEE3tFKT7MyyLymqDpFzPD/rZucHCQgAt+BQjn:8tCqVFb3tFKIept5ukC9E+BQjn

Score

10^/10

xworm rat trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

72db350204141827d99c4938c7e38d101e1a2d74250463070a1edbf4e49350bd.exe

Resource

win7-20240220-en

xworm rat trojan

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

72db350204141827d99c4938c7e38d101e1a2d74250463070a1edbf4e49350bd.exe

Resource

win10v2004-20240508-en

xworm rat trojan

windows10-2004-x64

6 signatures

150 seconds

Malware Config

Extracted

Family

xworm

Version

5.0

C2

64.226.123.178:6098

Mutex

1z0ENxCLSR3XRSre

Attributes

install_file
USB.exe

aes.plain

Targets

- Target
  
  72db350204141827d99c4938c7e38d101e1a2d74250463070a1edbf4e49350bd.exe
- Size
  
  726KB
- MD5
  
  041f9aff555780cf8970f612fb828b4d
- SHA1
  
  77634783fb1bf44c137aac5e79b95526810df240
- SHA256
  
  72db350204141827d99c4938c7e38d101e1a2d74250463070a1edbf4e49350bd
- SHA512
  
  dad68396b3cafda7575b64d37c77caac60a0ebc3a6e4e80466aeb5b0d12b8d0aaea0042aafdb75ec42235e011f633edec17041bf72f80f94a6377a1a25c0337c
- SSDEEP
  
  6144:vrAtoxsgGHIB8FnEE3tFKT7MyyLymqDpFzPD/rZucHCQgAt+BQjn:8tCqVFb3tFKIept5ukC9E+BQjn
Score

10^/10

xworm rat trojan
- Detect Xworm Payload
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- Detects Windows executables referencing non-Windows User-Agents
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

© 2018-2024

Terms | Privacy