xworm | ba6ae3298ad306b13ab8974c1a50ca59131faa961c592e628d7bce575178ef50 | Triage

Submit
Reports

Overview

overview

Static

static

ba6ae3298a...50.exe

windows7-x64

ba6ae3298a...50.exe

windows10-2004-x64

Sharing

General

Target

ba6ae3298ad306b13ab8974c1a50ca59131faa961c592e628d7bce575178ef50
Size

37KB
Sample

241105-r9esgswjaj
MD5

bf1709c0b200089ae5718d95bdb719bb
SHA1

d90dc5f623e3a0226b2320e626f733e1a9f38937
SHA256

ba6ae3298ad306b13ab8974c1a50ca59131faa961c592e628d7bce575178ef50
SHA512

06af06acb29ad2916b9843b3d178bf73e8c52e8e518c8cb95e22f9cf31398da00e787b2a32a86c054db071c81666808409c51b5f518cc1492e9ba29a37821382
SSDEEP

768:R4hpEcE5n92F2AXFyc9OY896dO/hMbiAxF:Ri49kBFb9d66dO/zAv

Score

10^/10

xworm rat trojan

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

ba6ae3298ad306b13ab8974c1a50ca59131faa961c592e628d7bce575178ef50.exe

Resource

win7-20240903-en

xworm rat trojan

windows7-x64

5 signatures

150 seconds

Behavioral task

behavioral2

Sample

ba6ae3298ad306b13ab8974c1a50ca59131faa961c592e628d7bce575178ef50.exe

Resource

win10v2004-20241007-en

xworm rat trojan

windows10-2004-x64

5 signatures

150 seconds

Malware Config

Extracted

Family

xworm

Version

5.0

C2

127.0.0.1:44559

itself-issued.gl.at.ply.gg:44559

Mutex

RGn0uSNRQPOrBFJc

Attributes

Install_directory
%AppData%
install_file
XClient.exe

aes.plain

Targets

- Target
  
  ba6ae3298ad306b13ab8974c1a50ca59131faa961c592e628d7bce575178ef50
- Size
  
  37KB
- MD5
  
  bf1709c0b200089ae5718d95bdb719bb
- SHA1
  
  d90dc5f623e3a0226b2320e626f733e1a9f38937
- SHA256
  
  ba6ae3298ad306b13ab8974c1a50ca59131faa961c592e628d7bce575178ef50
- SHA512
  
  06af06acb29ad2916b9843b3d178bf73e8c52e8e518c8cb95e22f9cf31398da00e787b2a32a86c054db071c81666808409c51b5f518cc1492e9ba29a37821382
- SSDEEP
  
  768:R4hpEcE5n92F2AXFyc9OY896dO/hMbiAxF:Ri49kBFb9d66dO/zAv
Score

10^/10

xworm rat trojan
- Detect Xworm Payload
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- Xworm family
  xworm
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

© 2018-2025

Terms | Privacy