xworm | 7c78edd54d043b9ac2d4556c10f7bd07f4dd2258fd46a0f6469200431f8a21a0 | Triage

Submit
Reports

Overview

overview

Static

static

3

Dragon.exe

windows10-ltsc 2021-x64

Sharing

General

Target

Dragon.exe
Size

275KB
Sample

241103-amxakssnbk
MD5

4a2b87da39aa0c18015c52982d9b041e
SHA1

418bb0b60e5613abfd28348bdee58a009122e66e
SHA256

7c78edd54d043b9ac2d4556c10f7bd07f4dd2258fd46a0f6469200431f8a21a0
SHA512

921797a79bb863432aa9b635e4f144678836eff9ec3a0cf31d6aad5805018b5abe8f6dd2fa830f72a3fdcd77c0ce112becf0d13cefb0119c5c96f63d2be3744d
SSDEEP

3072:LIvTbyuUBoAlsYJ7OcrFZrvjKP60cq/ehN8zuUQr2jRIpzgD7ZKDwodfKdM9:iylsYJ7Ocr/j1UQr2jf3ZKswU

Score

10^/10

xworm rat trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

Dragon.exe

Resource

win10ltsc2021-20241023-en

xworm rat trojan

windows10-ltsc 2021-x64

15 signatures

150 seconds

Malware Config

Extracted

Family

xworm

C2

ensure-manual.gl.at.ply.gg:41199

Attributes

Install_directory
%AppData%
install_file
dllhost.exe

Targets

- Target
  
  Dragon.exe
- Size
  
  275KB
- MD5
  
  4a2b87da39aa0c18015c52982d9b041e
- SHA1
  
  418bb0b60e5613abfd28348bdee58a009122e66e
- SHA256
  
  7c78edd54d043b9ac2d4556c10f7bd07f4dd2258fd46a0f6469200431f8a21a0
- SHA512
  
  921797a79bb863432aa9b635e4f144678836eff9ec3a0cf31d6aad5805018b5abe8f6dd2fa830f72a3fdcd77c0ce112becf0d13cefb0119c5c96f63d2be3744d
- SSDEEP
  
  3072:LIvTbyuUBoAlsYJ7OcrFZrvjKP60cq/ehN8zuUQr2jRIpzgD7ZKDwodfKdM9:iylsYJ7Ocr/j1UQr2jf3ZKswU
Score

10^/10

xworm rat trojan
- Detect Xworm Payload
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- Xworm family
  xworm
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

© 2018-2025

Terms | Privacy