xworm | 54fa1f416dfd0e53f4fbd45f2f30ec470ab8b02f5d5ff019d61f20bfd62a8a24 | Triage

Submit
Reports

Overview

overview

Static

static

3

wwwww.exe

windows10-ltsc 2021-x64

Sharing

General

Target

wwwww.exe
Size

15.9MB
Sample

241107-lj9x2syqfw
MD5

844f6c30ddab8bccc334c70ba4359e98
SHA1

dd9455fa8138213edc2f4f12b2d248b31edcae2d
SHA256

54fa1f416dfd0e53f4fbd45f2f30ec470ab8b02f5d5ff019d61f20bfd62a8a24
SHA512

e1652261680518de89a0c7d4cfd06ca41a7b0ec973bcc959c520397eef3214783eca624482f593cd43a4dc51e4f79718125c2f62915f3121bc6ce5a866c54d14
SSDEEP

393216:V8iJqDGCjr4xMA/YrHiLfygdkqxYc1cT8/TcdsDCGMRqA:lJCjr3hEJY6coTcdsDC

Score

10^/10

xworm pyinstaller rat trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

wwwww.exe

Resource

win10ltsc2021-20241023-en

xworm pyinstaller rat trojan

windows10-ltsc 2021-x64

11 signatures

30 seconds

Malware Config

Extracted

Family

xworm

C2

85.203.4.149:7000

Attributes

Install_directory
%ProgramData%
install_file
XClient.exe

Targets

- Target
  
  wwwww.exe
- Size
  
  15.9MB
- MD5
  
  844f6c30ddab8bccc334c70ba4359e98
- SHA1
  
  dd9455fa8138213edc2f4f12b2d248b31edcae2d
- SHA256
  
  54fa1f416dfd0e53f4fbd45f2f30ec470ab8b02f5d5ff019d61f20bfd62a8a24
- SHA512
  
  e1652261680518de89a0c7d4cfd06ca41a7b0ec973bcc959c520397eef3214783eca624482f593cd43a4dc51e4f79718125c2f62915f3121bc6ce5a866c54d14
- SSDEEP
  
  393216:V8iJqDGCjr4xMA/YrHiLfygdkqxYc1cT8/TcdsDCGMRqA:lJCjr3hEJY6coTcdsDC
Score

10^/10

xworm pyinstaller rat trojan
- Detect Xworm Payload
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- Xworm family
  xworm
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xwormpyinstallerrattrojan

© 2018-2025

Terms | Privacy