xworm | d2d4ad73e3e1247c5dfa633aac6ca6e7bf0de3d0205790309759798e4bee062f | Triage

Submit
Reports

Overview

overview

Static

static

1

BootStrapper.bat

windows10-ltsc 2021-x64

Sharing

General

Target

BootStrapper.bat
Size

302KB
Sample

241103-gcgkpsyrgq
MD5

e11a5d978c9f06cc301c8c44e52b4852
SHA1

831ba9abea94b996c532cdada5a79bba72a391e3
SHA256

d2d4ad73e3e1247c5dfa633aac6ca6e7bf0de3d0205790309759798e4bee062f
SHA512

f0bcd0f568f52d2519c62486ed9b94a342ee5fcd7d52835cb5d0377a1ac8b178d8ae0bd04675dd01778291b6f36807a1c27e88497c7344e15d23fdbe792349f2
SSDEEP

6144:U6j7gPgcFREzUgq4RgFmRYMkj/qUxD1p0/vb4YfrVTZJEdtnUNN4tK:rexEAglRetVf0/FfpPQnUNoK

Score

10^/10

xworm execution rat trojan

Static task

static1

Behavioral task

behavioral1

Sample

BootStrapper.bat

Resource

win10ltsc2021-20241023-en

xworm execution rat trojan

windows10-ltsc 2021-x64

13 signatures

150 seconds

Malware Config

Extracted

Family

xworm

C2

where-reverse.gl.at.ply.gg:9999

Attributes

Install_directory
%ProgramData%
install_file
Helper.exe

Targets

- Target
  
  BootStrapper.bat
- Size
  
  302KB
- MD5
  
  e11a5d978c9f06cc301c8c44e52b4852
- SHA1
  
  831ba9abea94b996c532cdada5a79bba72a391e3
- SHA256
  
  d2d4ad73e3e1247c5dfa633aac6ca6e7bf0de3d0205790309759798e4bee062f
- SHA512
  
  f0bcd0f568f52d2519c62486ed9b94a342ee5fcd7d52835cb5d0377a1ac8b178d8ae0bd04675dd01778291b6f36807a1c27e88497c7344e15d23fdbe792349f2
- SSDEEP
  
  6144:U6j7gPgcFREzUgq4RgFmRYMkj/qUxD1p0/vb4YfrVTZJEdtnUNN4tK:rexEAglRetVf0/FfpPQnUNoK
Score

10^/10

xworm execution rat trojan
- Detect Xworm Payload
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- Xworm family
  xworm
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Using powershell.exe command.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xwormexecutionrattrojan

© 2018-2025

Terms | Privacy