xworm | c1bb62643465be92b8fec645004bacf1f7ea0709f60c116a153f10f5e1856cea | Triage

Submit
Reports

Overview

overview

Static

static

Nursultan.exe

windows7-x64

Nursultan.exe

windows10-2004-x64

Sharing

General

Target

Crack.rar
Size

40KB
Sample

241108-prfkyssemk
MD5

f98a65665a34388e82c0cf3c3c2cc7a4
SHA1

3d729346f6d8ee8dea0cc1f4d2373b0720147946
SHA256

c1bb62643465be92b8fec645004bacf1f7ea0709f60c116a153f10f5e1856cea
SHA512

8287035380f48e246ea8bbedaca943a498b7ca25f22d7d1c4a13fa56cd51e505b9135403ea67834776f574e22d159c7c4677df97b9b8e702535cda3114d5b4ac
SSDEEP

768:1siTtuMle9Elt6hVfibisADUi025JENBWjhdQDBNmAgJh7tMHG6zfO1R:XTtuwwSt6hVfibVAP5eNBKzOD4P7tMby

Score

10^/10

xworm rat trojan

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

Nursultan.exe

Resource

win7-20241023-en

xworm rat trojan

windows7-x64

5 signatures

30 seconds

Behavioral task

behavioral2

Sample

Nursultan.exe

Resource

win10v2004-20241007-en

xworm rat trojan

windows10-2004-x64

5 signatures

30 seconds

Malware Config

Extracted

Family

xworm

C2

various-significance.gl.at.ply.gg:43319

Attributes

Install_directory
%ProgramData%
install_file
Winrar.exe

Targets

- Target
  
  Nursultan.exe
- Size
  
  70KB
- MD5
  
  f4de079f64577635c8404dcec009b1fa
- SHA1
  
  89663b0b9fa16e73889e10e33a258decae8c2709
- SHA256
  
  393052f438e1ed16b3218afd780370ad6df6e04b2af6bc20428d66b9f133440d
- SHA512
  
  36dac74a2ca921790532328954c109f589979d8a78cda50c292801391da77fbaf6202567b6333f14037de27737ac8618780c6c72dcc645e760e97aca51e47157
- SSDEEP
  
  1536:UbmNTNwxuVoPGfEfcIhX8JbE2d5AlZFm6Ew7XWiOtapfJgx:bNTNRwGfEfvhabE2IFsw7XFOgwx
Score

10^/10

xworm rat trojan
- Detect Xworm Payload
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- Xworm family
  xworm
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

© 2018-2025

Terms | Privacy