xworm | ea26fecd6d406f242195aa68c32523218b84041cfdcba9314c1aee64e69ee3b8 | Triage

Submit
Reports

Overview

overview

Static

static

ea26fecd6d...b8.exe

windows7-x64

ea26fecd6d...b8.exe

windows10-2004-x64

Sharing

General

Target

ea26fecd6d406f242195aa68c32523218b84041cfdcba9314c1aee64e69ee3b8.exe
Size

153KB
Sample

241102-leb58a1gma
MD5

3504d735153aa02cda0e6b3078df6687
SHA1

41a02a1dcbde06fba943882cf27bb96bbeda55ef
SHA256

ea26fecd6d406f242195aa68c32523218b84041cfdcba9314c1aee64e69ee3b8
SHA512

eba2480ff971e981ee4940abc05ac1050e95fac2a9113c729aee26b93b94c89b8e486b900d840e025fd6dde5143fb560b4b7516a8a4fa17073e1177b7aedb810
SSDEEP

3072:OmjALFQ9I8OMP4NpVq8BxFRzaqF+o2GQJ7/JzqVfGvJ:OMSQ9rgVqwlL

Score

10^/10

xworm rat trojan

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

ea26fecd6d406f242195aa68c32523218b84041cfdcba9314c1aee64e69ee3b8.exe

Resource

win7-20240903-en

xworm rat trojan

windows7-x64

5 signatures

150 seconds

Behavioral task

behavioral2

Sample

ea26fecd6d406f242195aa68c32523218b84041cfdcba9314c1aee64e69ee3b8.exe

Resource

win10v2004-20241007-en

xworm rat trojan

windows10-2004-x64

5 signatures

150 seconds

Malware Config

Extracted

Family

xworm

Version

5.0

C2

192.168.10.24:7222

Mutex

3HJeLIc1VbxbCESq

Attributes

Install_directory
%AppData%
install_file
x-manager.exe

aes.plain

Targets

- Target
  
  ea26fecd6d406f242195aa68c32523218b84041cfdcba9314c1aee64e69ee3b8.exe
- Size
  
  153KB
- MD5
  
  3504d735153aa02cda0e6b3078df6687
- SHA1
  
  41a02a1dcbde06fba943882cf27bb96bbeda55ef
- SHA256
  
  ea26fecd6d406f242195aa68c32523218b84041cfdcba9314c1aee64e69ee3b8
- SHA512
  
  eba2480ff971e981ee4940abc05ac1050e95fac2a9113c729aee26b93b94c89b8e486b900d840e025fd6dde5143fb560b4b7516a8a4fa17073e1177b7aedb810
- SSDEEP
  
  3072:OmjALFQ9I8OMP4NpVq8BxFRzaqF+o2GQJ7/JzqVfGvJ:OMSQ9rgVqwlL
Score

10^/10

xworm rat trojan
- Detect Xworm Payload
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- Xworm family
  xworm
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

© 2018-2025

Terms | Privacy