xworm | d9acb8fc36fb78b72c6c51a753bac529acc7a00fe2ab64b2e5d98c3771884081 | Triage

Submit
Reports

Overview

overview

Static

static

3

Request fo...df.exe

windows7-x64

Request fo...df.exe

windows10-2004-x64

Sharing

General

Target

d9acb8fc36fb78b72c6c51a753bac529acc7a00fe2ab64b2e5d98c3771884081.z
Size

411KB
Sample

241101-gmkecaxhqk
MD5

da7a46ed3fd5ccf2effefd07f4aa379e
SHA1

6055fa8e06cf81359b31d556c285bd8a7ca4b1f4
SHA256

d9acb8fc36fb78b72c6c51a753bac529acc7a00fe2ab64b2e5d98c3771884081
SHA512

acb5ebc19f554bad705c05663eaeada6aa277378687237fa31eabc0eca65c58ffaa51496ce2080419b93c61591503e6aa0f73a18bf2de350ae020d2bc0752de5
SSDEEP

12288:xsQmcOuPCLvsu2IqDEzE1TsNmralj8IN5KFmg+M:xicOuPCLElYzEIjD+0g3

Score

10^/10

xworm discovery execution rat trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

Request for Quotation.pdf.exe

Resource

win7-20240903-en

xworm discovery execution rat trojan

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

Request for Quotation.pdf.exe

Resource

win10v2004-20241007-en

xworm discovery execution rat trojan

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Extracted

Family

xworm

Version

3.1

C2

kanrplest.duckdns.org:4068

Mutex

TdUxMCK2FUdy51AH

Attributes

Install_directory
%AppData%
install_file
USB.exe

aes.plain

Targets

- Target
  
  Request for Quotation.pdf.exe
- Size
  
  1.6MB
- MD5
  
  e431cc534657e37b3e84065eba53105e
- SHA1
  
  fc88bf55a27ca270c2c2dc721c64da6966a0a5c1
- SHA256
  
  0e4aa3896358b32016c903f837a762052757ebeeb525b4077062864710de329a
- SHA512
  
  4894c6dc19987f1b2e902cfa7314de8c179c85135fcd48ee103def925316e9f15fe65bd990c9c61d61a70672b7c1cff30c6c1ff751654f63327b9a2ce1016c03
- SSDEEP
  
  12288:C27f6PD2zYzh+FoVIx+AEA4KLvSt6xjplsi:Vf8xzwFdx+Y4kvF5si
Score

10^/10

xworm discovery execution rat trojan
- Detect Xworm Payload
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- Xworm family
  xworm
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xwormdiscoveryexecutionrattrojan

behavioral2

xwormdiscoveryexecutionrattrojan

© 2018-2025

Terms | Privacy