xworm | 484a30b81cf3769281feb290886357834d18c2022a00394a5c591417fe0c5603 | Triage

Submit
Reports

Overview

overview

Static

static

setup.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

setup.exe
Size

41KB
Sample

241008-y8lb7stapk
MD5

8eab945fee9e24992a9f4175990b1f19
SHA1

b41956b072c8bf20fd71fab69b9fd3460da13306
SHA256

484a30b81cf3769281feb290886357834d18c2022a00394a5c591417fe0c5603
SHA512

52b4063529342d62de72f75ffafbf9f4fe47993f5facb012fd3990662d2c08d5fc426183321ff6869cbdd2d30aec77eabc75cc5bc8680fd723b60afc0b48cd29
SSDEEP

768:psydlfynBbCJvx5Ri0NTxtYJF5PJ9OACd68OMhd3E1V:psyfqnBbCTri0xfkFz9hE68OML0

Score

10^/10

xworm rat trojan

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

setup.exe

Resource

win10v2004-20241007-en

xworm rat trojan

windows10-2004-x64

9 signatures

600 seconds

Malware Config

Extracted

Family

xworm

Version

5.0

C2

members-korea.gl.at.ply.gg:11075

Mutex

9HyyMtIn425lv2KS

Attributes

Install_directory
%AppData%
install_file
USB.exe

aes.plain

Targets

- Target
  
  setup.exe
- Size
  
  41KB
- MD5
  
  8eab945fee9e24992a9f4175990b1f19
- SHA1
  
  b41956b072c8bf20fd71fab69b9fd3460da13306
- SHA256
  
  484a30b81cf3769281feb290886357834d18c2022a00394a5c591417fe0c5603
- SHA512
  
  52b4063529342d62de72f75ffafbf9f4fe47993f5facb012fd3990662d2c08d5fc426183321ff6869cbdd2d30aec77eabc75cc5bc8680fd723b60afc0b48cd29
- SSDEEP
  
  768:psydlfynBbCJvx5Ri0NTxtYJF5PJ9OACd68OMhd3E1V:psyfqnBbCTri0xfkFz9hE68OML0
Score

10^/10

xworm rat trojan
- Detect Xworm Payload
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

© 2018-2025

Terms | Privacy