xworm | 1728acdfb759194d0be473b2e9490d64e681a1eaf5f796173cf5c43f082ff4dd | Triage

Submit
Reports

Overview

overview

Static

static

1728acdfb7...dN.exe

windows7-x64

1728acdfb7...dN.exe

windows10-2004-x64

Sharing

General

Target

1728acdfb759194d0be473b2e9490d64e681a1eaf5f796173cf5c43f082ff4ddN
Size

103KB
Sample

241104-1szk1azrhr
MD5

91fc0791ef41aef4c69c01503d0c49f0
SHA1

79162b99131d758c40bd5cc6946e435b4782b407
SHA256

1728acdfb759194d0be473b2e9490d64e681a1eaf5f796173cf5c43f082ff4dd
SHA512

79bbd07b7e37434fc2e53aa9d16364820e97c354f50e9c788924968b2f4eadb356f9f25e559a8c0d4e0af0a4abd691644ed7f2719fc9690221f7c2a0d04b284c
SSDEEP

3072:APz9s59oKbFs9UuOMSdoZvLiEdoZvLixhTPgPe:AKo0s98WvmqWvm/Q

Score

10^/10

xworm rat trojan

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

1728acdfb759194d0be473b2e9490d64e681a1eaf5f796173cf5c43f082ff4ddN.exe

Resource

win7-20240903-en

xworm rat trojan

windows7-x64

5 signatures

120 seconds

Behavioral task

behavioral2

Sample

1728acdfb759194d0be473b2e9490d64e681a1eaf5f796173cf5c43f082ff4ddN.exe

Resource

win10v2004-20241007-en

xworm rat trojan

windows10-2004-x64

5 signatures

120 seconds

Malware Config

Extracted

Family

xworm

Version

5.0

C2

physical-troy.gl.at.ply.gg:25804

Mutex

LyvUlQos7UbAQvM3

Attributes

Install_directory
%AppData%
install_file
XClient.exe

aes.plain

Targets

- Target
  
  1728acdfb759194d0be473b2e9490d64e681a1eaf5f796173cf5c43f082ff4ddN
- Size
  
  103KB
- MD5
  
  91fc0791ef41aef4c69c01503d0c49f0
- SHA1
  
  79162b99131d758c40bd5cc6946e435b4782b407
- SHA256
  
  1728acdfb759194d0be473b2e9490d64e681a1eaf5f796173cf5c43f082ff4dd
- SHA512
  
  79bbd07b7e37434fc2e53aa9d16364820e97c354f50e9c788924968b2f4eadb356f9f25e559a8c0d4e0af0a4abd691644ed7f2719fc9690221f7c2a0d04b284c
- SSDEEP
  
  3072:APz9s59oKbFs9UuOMSdoZvLiEdoZvLixhTPgPe:AKo0s98WvmqWvm/Q
Score

10^/10

xworm rat trojan
- Detect Xworm Payload
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- Xworm family
  xworm
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

© 2018-2025

Terms | Privacy