xworm | 26084a9f86b27b3d1853c2921d9eb46f1cff88baf52a38375021a3c65622c370 | Triage

Submit
Reports

Overview

overview

Static

static

drivers.exe

windows7-x64

drivers.exe

windows10-2004-x64

Sharing

General

Target

drivers.exe
Size

67KB
Sample

240927-qgpxbatgkm
MD5

f663ded3216427a6277c5da3831dab1e
SHA1

2a8a5995ecbf2d5bf1c81a32ee637c2e44e2938d
SHA256

26084a9f86b27b3d1853c2921d9eb46f1cff88baf52a38375021a3c65622c370
SHA512

002e2d558338fcc96ba022f5239e65b8d839dcd755e10ffd7bba3ef6e794d7593344587267ee1054b0a34d16a4278f89e877b7befc4ead6cc83e1dd134b99a02
SSDEEP

1536:SGt7jMPfimfLU+ZJeBb+kzTCNOg1eKRRq:SXTU+jeBb+2TiOg1Dq

Score

10^/10

xworm rat trojan

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

drivers.exe

Resource

win7-20240903-en

xworm rat trojan

windows7-x64

4 signatures

150 seconds

Behavioral task

behavioral2

Sample

drivers.exe

Resource

win10v2004-20240802-en

xworm rat trojan

windows10-2004-x64

4 signatures

150 seconds

Malware Config

Extracted

Family

xworm

C2

who-nat.gl.at.ply.gg:61669

Attributes

Install_directory
%LocalAppData%
install_file
yandex.exe

Targets

- Target
  
  drivers.exe
- Size
  
  67KB
- MD5
  
  f663ded3216427a6277c5da3831dab1e
- SHA1
  
  2a8a5995ecbf2d5bf1c81a32ee637c2e44e2938d
- SHA256
  
  26084a9f86b27b3d1853c2921d9eb46f1cff88baf52a38375021a3c65622c370
- SHA512
  
  002e2d558338fcc96ba022f5239e65b8d839dcd755e10ffd7bba3ef6e794d7593344587267ee1054b0a34d16a4278f89e877b7befc4ead6cc83e1dd134b99a02
- SSDEEP
  
  1536:SGt7jMPfimfLU+ZJeBb+kzTCNOg1eKRRq:SXTU+jeBb+2TiOg1Dq
Score

10^/10

xworm rat trojan
- Detect Xworm Payload
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

© 2018-2024

Terms | Privacy