xworm | a8602f61da135d8dd308b6acb0338f9b9da4024f9ff302490800af85b242eeed | Triage

Submit
Reports

Overview

overview

Static

static

3

a8602f61da...ed.exe

windows7-x64

a8602f61da...ed.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

a8602f61da135d8dd308b6acb0338f9b9da4024f9ff302490800af85b242eeed.exe
Size

668KB
Sample

240615-cd33wavgpc
MD5

14ab397c433b92d64015617db5065e44
SHA1

8bf6233d6689ef9bce781b7999e482906a288143
SHA256

a8602f61da135d8dd308b6acb0338f9b9da4024f9ff302490800af85b242eeed
SHA512

d9f36d85907e77316298a0b5db54c09285fba4de780b130c1a7a9d36f309c428a99ec294e6df2a71402ba2e1dc4b424c1810d1f403a45b8bd2b8799aa9cd121c
SSDEEP

6144:fGGQjEhcjHYHenocjSW0HKS2o72gOE9ftZbWn5eXDSJDRa4S2pjn:+GQjEhCfd0HL9BTMkQ7pjn

Score

10^/10

xworm rat trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

a8602f61da135d8dd308b6acb0338f9b9da4024f9ff302490800af85b242eeed.exe

Resource

win7-20240611-en

xworm rat trojan

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

a8602f61da135d8dd308b6acb0338f9b9da4024f9ff302490800af85b242eeed.exe

Resource

win10v2004-20240508-en

xworm rat trojan

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Extracted

Family

xworm

Version

5.0

C2

64.226.123.178:6098

Mutex

1z0ENxCLSR3XRSre

Attributes

install_file
USB.exe

aes.plain

Targets

- Target
  
  a8602f61da135d8dd308b6acb0338f9b9da4024f9ff302490800af85b242eeed.exe
- Size
  
  668KB
- MD5
  
  14ab397c433b92d64015617db5065e44
- SHA1
  
  8bf6233d6689ef9bce781b7999e482906a288143
- SHA256
  
  a8602f61da135d8dd308b6acb0338f9b9da4024f9ff302490800af85b242eeed
- SHA512
  
  d9f36d85907e77316298a0b5db54c09285fba4de780b130c1a7a9d36f309c428a99ec294e6df2a71402ba2e1dc4b424c1810d1f403a45b8bd2b8799aa9cd121c
- SSDEEP
  
  6144:fGGQjEhcjHYHenocjSW0HKS2o72gOE9ftZbWn5eXDSJDRa4S2pjn:+GQjEhCfd0HL9BTMkQ7pjn
Score

10^/10

xworm rat trojan
- Detect Xworm Payload
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- Detects Windows executables referencing non-Windows User-Agents
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

© 2018-2025

Terms | Privacy