xworm | fd3b7fe5e00fa4cc4f959db0c97908202a0f8054bf3aebecc57bf22f30f349ae | Triage

Submit
Reports

Overview

overview

Static

static

3

jjj.exe

windows7-x64

jjj.exe

windows10-2004-x64

Sharing

General

Target

jjj.exe
Size

773KB
Sample

241101-13w8maxngl
MD5

87a896c479974de2a6e2bea021e4ba23
SHA1

67e4d876097d823c18bd06d13250e27b1645080c
SHA256

fd3b7fe5e00fa4cc4f959db0c97908202a0f8054bf3aebecc57bf22f30f349ae
SHA512

2f510199800543655403476360b5815ceb87f74bc60c6c51cbebd1baf25ce48254f53ce6e8f430f1981f3aef03bc371f8d177a0e9a64f01b1fb7323d0fb353e2
SSDEEP

12288:iTfx1EdDy76ztuJdJHR4ih+IbwOnNeFknYhzQ0GyG4Gt1BfPnM2vDwvfxCo:W18VJqdduigIsOnNe44E0GFPz82vDgz

Score

10^/10

xworm defense_evasion rat trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

jjj.exe

Resource

win7-20241010-en

xworm defense_evasion rat trojan

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

jjj.exe

Resource

win10v2004-20241007-en

xworm defense_evasion rat trojan

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Extracted

Family

xworm

C2

83.38.24.1:1603

Attributes

Install_directory
%Userprofile%
install_file
svhost.exe

Targets

- Target
  
  jjj.exe
- Size
  
  773KB
- MD5
  
  87a896c479974de2a6e2bea021e4ba23
- SHA1
  
  67e4d876097d823c18bd06d13250e27b1645080c
- SHA256
  
  fd3b7fe5e00fa4cc4f959db0c97908202a0f8054bf3aebecc57bf22f30f349ae
- SHA512
  
  2f510199800543655403476360b5815ceb87f74bc60c6c51cbebd1baf25ce48254f53ce6e8f430f1981f3aef03bc371f8d177a0e9a64f01b1fb7323d0fb353e2
- SSDEEP
  
  12288:iTfx1EdDy76ztuJdJHR4ih+IbwOnNeFknYhzQ0GyG4Gt1BfPnM2vDwvfxCo:W18VJqdduigIsOnNe44E0GFPz82vDgz
Score

10^/10

xworm defense_evasion rat trojan
- Detect Xworm Payload
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- Xworm family
  xworm
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Obfuscated Files or Information: Command Obfuscation
  Adversaries may obfuscate content during command execution to impede detection.
  defense_evasion
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Obfuscated Files or Information

Command Obfuscation

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xwormdefense_evasionrattrojan

behavioral2

xwormdefense_evasionrattrojan

© 2018-2025

Terms | Privacy