xworm | 5390974f82d7637e2131afe202866eff9cf5f14377636d9f5fb3d29c54093763 | Triage

Submit
Reports

Overview

overview

Static

static

3

Devoarmy.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

Devoarmy.exe
Size

77KB
Sample

240817-pp14waycmn
MD5

6bd4b2dd8dd52251e1ffcbb6a8101875
SHA1

04075dce494a7eaee97df11bbf4a429c9aec7e69
SHA256

5390974f82d7637e2131afe202866eff9cf5f14377636d9f5fb3d29c54093763
SHA512

51061ea462deb93b3b5f2164e446d1eecda6728fac7eb67b91af77da9e84170ddbdd2b707f6cf3b466e46f05506b15efb0a15ecac47068a7016a3917d4dada9b
SSDEEP

1536:ESmiUNs6qJrJgEkuUoGaOAR0Erg8aWc3buY2GGvOrOxT/uOwG6GtN0C:EidrJgEkqGaNST3bz2zJGOdP

Score

10^/10

xworm execution rat trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

Devoarmy.exe

Resource

win10v2004-20240802-en

xworm execution rat trojan

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

xworm

C2

wiz.bounceme.net:6000

Mutex

TsV4Qhz4pSYYlqfv

Attributes

install_file
USB.exe

aes.plain

Targets

- Target
  
  Devoarmy.exe
- Size
  
  77KB
- MD5
  
  6bd4b2dd8dd52251e1ffcbb6a8101875
- SHA1
  
  04075dce494a7eaee97df11bbf4a429c9aec7e69
- SHA256
  
  5390974f82d7637e2131afe202866eff9cf5f14377636d9f5fb3d29c54093763
- SHA512
  
  51061ea462deb93b3b5f2164e446d1eecda6728fac7eb67b91af77da9e84170ddbdd2b707f6cf3b466e46f05506b15efb0a15ecac47068a7016a3917d4dada9b
- SSDEEP
  
  1536:ESmiUNs6qJrJgEkuUoGaOAR0Erg8aWc3buY2GGvOrOxT/uOwG6GtN0C:EidrJgEkqGaNST3bz2zJGOdP
Score

10^/10

xworm execution rat trojan
- Detect Xworm Payload
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xwormexecutionrattrojan

© 2018-2025

Terms | Privacy