xworm | 9b784a455868d9670106d82c504421506b94c040f1aa8d3bf129d6306b4db287 | Triage

Submit
Reports

Overview

overview

Static

static

9b784a4558...7N.exe

windows7-x64

9b784a4558...7N.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

9b784a455868d9670106d82c504421506b94c040f1aa8d3bf129d6306b4db287N.exe
Size

76KB
Sample

240925-qb2nxswhqq
MD5

51b18ca06caef067d41e3f55234ce9d0
SHA1

5346383ed9415a479c9dad0dbb7eb6ae6a5545cb
SHA256

9b784a455868d9670106d82c504421506b94c040f1aa8d3bf129d6306b4db287
SHA512

48ec46d289f9075bd89682a070a79bc5ed832fe1fb6b7c31e2a4331550bddc2013892784e0fc9433035800b188e9a683fc1bfecfd1f75678db18be87c16b6cbb
SSDEEP

1536:uAyhYQDNkoAVOV066wJZzZ+bDyNiQw4gH6DD6O1+WPeURcb:KiEmoAwxzZ+bDys7OsWS

Score

10^/10

xworm execution rat trojan

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

9b784a455868d9670106d82c504421506b94c040f1aa8d3bf129d6306b4db287N.exe

Resource

win7-20240903-en

xworm execution rat trojan

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

9b784a455868d9670106d82c504421506b94c040f1aa8d3bf129d6306b4db287N.exe

Resource

win10v2004-20240802-en

xworm execution rat trojan

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Extracted

Family

xworm

C2

week-measures.gl.at.ply.gg:52951

Attributes

Install_directory
%AppData%
install_file
BrowserUpdate.exe
telegram
https://api.telegram.org/bot7409084272:AAGfvawizs5psSM16en9CLFzI0ZQnCNB3SA

Targets

- Target
  
  9b784a455868d9670106d82c504421506b94c040f1aa8d3bf129d6306b4db287N.exe
- Size
  
  76KB
- MD5
  
  51b18ca06caef067d41e3f55234ce9d0
- SHA1
  
  5346383ed9415a479c9dad0dbb7eb6ae6a5545cb
- SHA256
  
  9b784a455868d9670106d82c504421506b94c040f1aa8d3bf129d6306b4db287
- SHA512
  
  48ec46d289f9075bd89682a070a79bc5ed832fe1fb6b7c31e2a4331550bddc2013892784e0fc9433035800b188e9a683fc1bfecfd1f75678db18be87c16b6cbb
- SSDEEP
  
  1536:uAyhYQDNkoAVOV066wJZzZ+bDyNiQw4gH6DD6O1+WPeURcb:KiEmoAwxzZ+bDys7OsWS
Score

10^/10

xworm execution rat trojan
- Detect Xworm Payload
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xwormexecutionrattrojan

behavioral2

xwormexecutionrattrojan

© 2018-2025

Terms | Privacy