xworm | 2b2a240fbda2933b546a6d1b495d21878b9bf67da1c7e5b4cad29c8b82c5d706 | Triage

Submit
Reports

Overview

overview

Static

static

2b2a240fbd...06.exe

windows7-x64

2b2a240fbd...06.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

2b2a240fbda2933b546a6d1b495d21878b9bf67da1c7e5b4cad29c8b82c5d706.exe
Size

350KB
Sample

241014-bkkpfavbmc
MD5

8090c678b1ab88d330d94a8012682263
SHA1

062e28c4a590a278ceff6a3931498d53db6812ec
SHA256

2b2a240fbda2933b546a6d1b495d21878b9bf67da1c7e5b4cad29c8b82c5d706
SHA512

ecd6b917eab7d2e62006e58da5e839af15ef6abdf1ecf35dbfe2f6e354ef81e5fe23254480e5e6e5d8dd843c954bb23ef1331132485f08aa7737f0d27d2634a8
SSDEEP

1536:Fnnl3cS+NOAiebtmUcpCzb6HmnIOkPTbepp65U:FlMSSOQbtmpROkPPevSU

Score

10^/10

xworm rat trojan

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

2b2a240fbda2933b546a6d1b495d21878b9bf67da1c7e5b4cad29c8b82c5d706.exe

Resource

win7-20240708-en

xworm rat trojan

windows7-x64

4 signatures

150 seconds

Behavioral task

behavioral2

Sample

2b2a240fbda2933b546a6d1b495d21878b9bf67da1c7e5b4cad29c8b82c5d706.exe

Resource

win10v2004-20241007-en

xworm rat trojan

windows10-2004-x64

4 signatures

150 seconds

Malware Config

Extracted

Family

xworm

C2

methods-availability.gl.at.ply.gg:20557

Attributes

Install_directory
%AppData%
install_file
Discord.exe

Targets

- Target
  
  2b2a240fbda2933b546a6d1b495d21878b9bf67da1c7e5b4cad29c8b82c5d706.exe
- Size
  
  350KB
- MD5
  
  8090c678b1ab88d330d94a8012682263
- SHA1
  
  062e28c4a590a278ceff6a3931498d53db6812ec
- SHA256
  
  2b2a240fbda2933b546a6d1b495d21878b9bf67da1c7e5b4cad29c8b82c5d706
- SHA512
  
  ecd6b917eab7d2e62006e58da5e839af15ef6abdf1ecf35dbfe2f6e354ef81e5fe23254480e5e6e5d8dd843c954bb23ef1331132485f08aa7737f0d27d2634a8
- SSDEEP
  
  1536:Fnnl3cS+NOAiebtmUcpCzb6HmnIOkPTbepp65U:FlMSSOQbtmpROkPPevSU
Score

10^/10

xworm rat trojan
- Detect Xworm Payload
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

© 2018-2025

Terms | Privacy