xworm | b94b67c16df12216176e48ac4ad3b101cf087e0d2c2e4599b9439c41a0d0889e | Triage

Submit
Reports

Overview

overview

Static

static

b94b67c16d...9e.exe

windows7-x64

b94b67c16d...9e.exe

windows10-2004-x64

Sharing

General

Target

b94b67c16df12216176e48ac4ad3b101cf087e0d2c2e4599b9439c41a0d0889e
Size

39KB
Sample

241101-zwzvhawbln
MD5

93db28cf0c7dbc678c854f712719b16f
SHA1

434b3ac4527963101e720e2555570b95307da692
SHA256

b94b67c16df12216176e48ac4ad3b101cf087e0d2c2e4599b9439c41a0d0889e
SHA512

fecbfe7cd590f15d862a16d70c8712cb93a72e1bb9b8155577114b95ffca895876cc8013eeb2e90e130c86b1168f277aa28f275a21aca36c81650ca96afa1182
SSDEEP

768:LcphJ3xsVEzHV8sgOO8Fyw994x6sO/hoPSib:Lc/J3YuTBFP9Kx6sO/K3b

Score

10^/10

xworm rat trojan

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

b94b67c16df12216176e48ac4ad3b101cf087e0d2c2e4599b9439c41a0d0889e.exe

Resource

win7-20240903-en

xworm rat trojan

windows7-x64

5 signatures

150 seconds

Behavioral task

behavioral2

Sample

b94b67c16df12216176e48ac4ad3b101cf087e0d2c2e4599b9439c41a0d0889e.exe

Resource

win10v2004-20241007-en

xworm rat trojan

windows10-2004-x64

5 signatures

150 seconds

Malware Config

Extracted

Family

xworm

Version

5.0

C2

event-dollar.gl.at.ply.gg:42627

Mutex

Vu8KDOzYd19RAWuh

Attributes

Install_directory
%ProgramData%
install_file
Desktop Window Manager.exe
telegram
https://api.telegram.org/bot7269786725:AAF0IPx1BWTdW_vbZqP8HGNrxWWFpF5CvYs/sendMessage?chat_id=5465523859

aes.plain

Targets

- Target
  
  b94b67c16df12216176e48ac4ad3b101cf087e0d2c2e4599b9439c41a0d0889e
- Size
  
  39KB
- MD5
  
  93db28cf0c7dbc678c854f712719b16f
- SHA1
  
  434b3ac4527963101e720e2555570b95307da692
- SHA256
  
  b94b67c16df12216176e48ac4ad3b101cf087e0d2c2e4599b9439c41a0d0889e
- SHA512
  
  fecbfe7cd590f15d862a16d70c8712cb93a72e1bb9b8155577114b95ffca895876cc8013eeb2e90e130c86b1168f277aa28f275a21aca36c81650ca96afa1182
- SSDEEP
  
  768:LcphJ3xsVEzHV8sgOO8Fyw994x6sO/hoPSib:Lc/J3YuTBFP9Kx6sO/K3b
Score

10^/10

xworm rat trojan
- Detect Xworm Payload
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- Xworm family
  xworm
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

© 2018-2025

Terms | Privacy