xworm | a25bff1c3254fa942a830abd32bd1953e282a321a94ab9fc22e25f66d5f4b1a2 | Triage

Submit
Reports

Overview

overview

Static

static

1

Nkomssgp.exe

windows11-21h2-x64

Sharing

Copy URL Twitter E-mail

General

Target

Nkomssgp.exe
Size

4.6MB
Sample

240615-fxy5tatdlr
MD5

1d6421617b9bdaccaa87db2edc96cda0
SHA1

002eb8b01151aebe91d8a8f8d4ed52c3aad9e1b2
SHA256

a25bff1c3254fa942a830abd32bd1953e282a321a94ab9fc22e25f66d5f4b1a2
SHA512

80f991929992adeda30d8137bf59c435671548f4580dac3e1c6df7c129c5d554711365a3b375cff8568345f554f971026ea60785931deeb8baacd6c643e92104
SSDEEP

24576:w5VeFILu7XJJbYzr8KNJWtOh6S9JD4E678avKanuEXLI16NqX6QZkUHHsOS8dK/Z:4Vw

Score

10^/10

xworm execution rat trojan

Static task

static1

Behavioral task

behavioral1

Sample

Nkomssgp.exe

Resource

win11-20240611-en

xworm execution rat trojan

windows11-21h2-x64

11 signatures

60 seconds

Malware Config

Targets

- Target
  
  Nkomssgp.exe
- Size
  
  4.6MB
- MD5
  
  1d6421617b9bdaccaa87db2edc96cda0
- SHA1
  
  002eb8b01151aebe91d8a8f8d4ed52c3aad9e1b2
- SHA256
  
  a25bff1c3254fa942a830abd32bd1953e282a321a94ab9fc22e25f66d5f4b1a2
- SHA512
  
  80f991929992adeda30d8137bf59c435671548f4580dac3e1c6df7c129c5d554711365a3b375cff8568345f554f971026ea60785931deeb8baacd6c643e92104
- SSDEEP
  
  24576:w5VeFILu7XJJbYzr8KNJWtOh6S9JD4E678avKanuEXLI16NqX6QZkUHHsOS8dK/Z:4Vw
Score

10^/10

xworm execution rat trojan
- Detect Xworm Payload
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

xwormexecutionrattrojan

© 2018-2025

Terms | Privacy