xworm | dcdbe508d0df17aee3990fe5e92adbe5eb224ce37ffe065309e915fb6a3753d5 | Triage

Submit
Reports

Overview

overview

Static

static

3

jjjjjjjj.exe

windows7-x64

jjjjjjjj.exe

windows10-2004-x64

Sharing

General

Target

jjjjjjjj.exe
Size

878KB
Sample

241101-1c1s5axlcl
MD5

0d33945fc6c87fb66367a372e6720061
SHA1

7b35613a5ab231eee431cc59a4875e29df566f31
SHA256

dcdbe508d0df17aee3990fe5e92adbe5eb224ce37ffe065309e915fb6a3753d5
SHA512

ff2406750bd34eb9143e7e9a175b1babf39b31a13f5410987d4fe01aa1a1d526be369f6d5f41f7823fa0f2024c77b817d74a45dec2134653a94aba71e33547f6
SSDEEP

12288:8EcjvXrQXIo5VImI+M+WLourRNN6wa/XKsR0CcxB49X85GpX:8NjrIVZIJPNha/X50CcxV5GJ

Score

10^/10

xworm rat trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

jjjjjjjj.exe

Resource

win7-20241010-en

xworm rat trojan

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

jjjjjjjj.exe

Resource

win10v2004-20241007-en

xworm rat trojan

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Extracted

Family

xworm

C2

83.38.24.1:1603

Attributes

Install_directory
%Temp%
install_file
SecurityHealthSystray.exe

Targets

- Target
  
  jjjjjjjj.exe
- Size
  
  878KB
- MD5
  
  0d33945fc6c87fb66367a372e6720061
- SHA1
  
  7b35613a5ab231eee431cc59a4875e29df566f31
- SHA256
  
  dcdbe508d0df17aee3990fe5e92adbe5eb224ce37ffe065309e915fb6a3753d5
- SHA512
  
  ff2406750bd34eb9143e7e9a175b1babf39b31a13f5410987d4fe01aa1a1d526be369f6d5f41f7823fa0f2024c77b817d74a45dec2134653a94aba71e33547f6
- SSDEEP
  
  12288:8EcjvXrQXIo5VImI+M+WLourRNN6wa/XKsR0CcxB49X85GpX:8NjrIVZIJPNha/X50CcxV5GJ
Score

10^/10

xworm rat trojan
- Detect Xworm Payload
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- Xworm family
  xworm
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2025

Terms | Privacy