xworm | 5fbae4b6f13ae53c0c72395da9aaff02bdd023adb735512a17d951feb869f124 | Triage

Submit
Reports

Overview

overview

Static

static

3

jjjjjjjjjj...jj.exe

windows7-x64

jjjjjjjjjj...jj.exe

windows10-2004-x64

Sharing

General

Target

jjjjjjjjjjjjjjjjjjjjjjjjjjj.exe
Size

930KB
Sample

241101-1aq6xatpas
MD5

327b7ea8c22c6fde0cc18d55f1b93d6d
SHA1

32212f75534b53e499db147c35e116413e9d93f8
SHA256

5fbae4b6f13ae53c0c72395da9aaff02bdd023adb735512a17d951feb869f124
SHA512

a40a7854947b7a38c7a369885eea28e48a52a275871a2d2038d4b8a6bb01112513ee463cccb9d0deb596331bb0c2debdf8130d3a794472fd7c5170e94d2a5eb1
SSDEEP

24576:tcjJkDRAIlgn/SwykVe6xBpHHd58Alq35GJ:tc1kdAIlKqwX8U/Blq35W

Score

10^/10

xworm rat trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

jjjjjjjjjjjjjjjjjjjjjjjjjjj.exe

Resource

win7-20240903-en

xworm rat trojan

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

jjjjjjjjjjjjjjjjjjjjjjjjjjj.exe

Resource

win10v2004-20241007-en

xworm rat trojan

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Extracted

Family

xworm

C2

83.38.28.117:1603

83.38.24.1:1603

Attributes

Install_directory
%Temp%
install_file
RuntimeBroker.exe

Targets

- Target
  
  jjjjjjjjjjjjjjjjjjjjjjjjjjj.exe
- Size
  
  930KB
- MD5
  
  327b7ea8c22c6fde0cc18d55f1b93d6d
- SHA1
  
  32212f75534b53e499db147c35e116413e9d93f8
- SHA256
  
  5fbae4b6f13ae53c0c72395da9aaff02bdd023adb735512a17d951feb869f124
- SHA512
  
  a40a7854947b7a38c7a369885eea28e48a52a275871a2d2038d4b8a6bb01112513ee463cccb9d0deb596331bb0c2debdf8130d3a794472fd7c5170e94d2a5eb1
- SSDEEP
  
  24576:tcjJkDRAIlgn/SwykVe6xBpHHd58Alq35GJ:tc1kdAIlKqwX8U/Blq35W
Score

10^/10

xworm rat trojan
- Detect Xworm Payload
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- Xworm family
  xworm
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2025

Terms | Privacy