xworm | daae736c8f04197fdab7aca6a9d79492272b03b0b0fb7a9f844810c2737ad84d | Triage

Submit
Reports

Overview

overview

Static

static

5

daae736c8f...4d.exe

windows7-x64

daae736c8f...4d.exe

windows10-2004-x64

Sharing

General

Target

daae736c8f04197fdab7aca6a9d79492272b03b0b0fb7a9f844810c2737ad84d.exe
Size

1.0MB
Sample

241106-ebd23stkfx
MD5

468e18a1e46996a9e12aeac76580c6ed
SHA1

4529b55ad5c142e320ca8e0916b175c61f7e8a92
SHA256

daae736c8f04197fdab7aca6a9d79492272b03b0b0fb7a9f844810c2737ad84d
SHA512

bc6faa2a4bff36301c411896a6271c70c7eada5bfdffb7456440a0e499f6467c27532484c1dcb0e23a7c1aa43376fcea697d77315c1293840733c1ca763def85
SSDEEP

24576:wqDEvCTbMWu7rQYlBQcBiT6rprG8a374rnT9exfxOkl:wTvC/MTQYxsWR7a37YT9exfxh

Score

10^/10

xworm discovery rat trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

daae736c8f04197fdab7aca6a9d79492272b03b0b0fb7a9f844810c2737ad84d.exe

Resource

win7-20240903-en

xworm discovery rat trojan

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

daae736c8f04197fdab7aca6a9d79492272b03b0b0fb7a9f844810c2737ad84d.exe

Resource

win10v2004-20241007-en

xworm discovery rat trojan

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Extracted

Family

xworm

Version

5.0

C2

173.205.83.196:3210

Mutex

jJqPmV7YRG8bldRA

Attributes

Install_directory
%AppData%
install_file
XClient.exe

aes.plain

Targets

- Target
  
  daae736c8f04197fdab7aca6a9d79492272b03b0b0fb7a9f844810c2737ad84d.exe
- Size
  
  1.0MB
- MD5
  
  468e18a1e46996a9e12aeac76580c6ed
- SHA1
  
  4529b55ad5c142e320ca8e0916b175c61f7e8a92
- SHA256
  
  daae736c8f04197fdab7aca6a9d79492272b03b0b0fb7a9f844810c2737ad84d
- SHA512
  
  bc6faa2a4bff36301c411896a6271c70c7eada5bfdffb7456440a0e499f6467c27532484c1dcb0e23a7c1aa43376fcea697d77315c1293840733c1ca763def85
- SSDEEP
  
  24576:wqDEvCTbMWu7rQYlBQcBiT6rprG8a374rnT9exfxOkl:wTvC/MTQYxsWR7a37YT9exfxh
Score

10^/10

xworm discovery rat trojan
- Detect Xworm Payload
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- Xworm family
  xworm
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xwormdiscoveryrattrojan

behavioral2

xwormdiscoveryrattrojan

© 2018-2025

Terms | Privacy