xworm | 11ea34f77c834c824bfb59472c4c26a23918c13e701797a484a5e86544f18e7e | Triage

Submit
Reports

Overview

overview

Static

static

11ea34f77c...7e.exe

windows7-x64

11ea34f77c...7e.exe

windows10-2004-x64

Sharing

General

Target

11ea34f77c834c824bfb59472c4c26a23918c13e701797a484a5e86544f18e7e
Size

41KB
Sample

241101-xap23avqdk
MD5

86fbf5b376b5daae4018e7a1652b298e
SHA1

c91283deb333efb4c0db91bac8839e084cc58e27
SHA256

11ea34f77c834c824bfb59472c4c26a23918c13e701797a484a5e86544f18e7e
SHA512

801b2a8ec2f2d195e62fe994eaec43f1af2883559df7d03320b801b164e7a8ef8a13e332eb06e2fc6d071e4bb81d09cad2da817e5e17fb84e8a962dd6617217c
SSDEEP

768:+7yYO3CpRkfGG3XvgggPLJF5PG9pmajs6vOwhu3EuzE:yT6CpRvgXvvgtFI9Aajs6vOwkNQ

Score

10^/10

xworm rat trojan

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

11ea34f77c834c824bfb59472c4c26a23918c13e701797a484a5e86544f18e7e.exe

Resource

win7-20240903-en

xworm rat trojan

windows7-x64

5 signatures

150 seconds

Behavioral task

behavioral2

Sample

11ea34f77c834c824bfb59472c4c26a23918c13e701797a484a5e86544f18e7e.exe

Resource

win10v2004-20241007-en

xworm rat trojan

windows10-2004-x64

5 signatures

150 seconds

Malware Config

Extracted

Family

xworm

Version

5.0

C2

0.tcp.eu.ngrok.io:10358

6.tcp.eu.ngrok.io:10358

4.tcp.eu.ngrok.io:10358

Mutex

QvDYkhYsc5WBgCcl

Attributes

Install_directory
%AppData%
install_file
XClient.exe

aes.plain

Targets

- Target
  
  11ea34f77c834c824bfb59472c4c26a23918c13e701797a484a5e86544f18e7e
- Size
  
  41KB
- MD5
  
  86fbf5b376b5daae4018e7a1652b298e
- SHA1
  
  c91283deb333efb4c0db91bac8839e084cc58e27
- SHA256
  
  11ea34f77c834c824bfb59472c4c26a23918c13e701797a484a5e86544f18e7e
- SHA512
  
  801b2a8ec2f2d195e62fe994eaec43f1af2883559df7d03320b801b164e7a8ef8a13e332eb06e2fc6d071e4bb81d09cad2da817e5e17fb84e8a962dd6617217c
- SSDEEP
  
  768:+7yYO3CpRkfGG3XvgggPLJF5PG9pmajs6vOwhu3EuzE:yT6CpRvgXvvgtFI9Aajs6vOwkNQ
Score

10^/10

xworm rat trojan
- Detect Xworm Payload
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- Xworm family
  xworm
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

© 2018-2025

Terms | Privacy