xworm | 765cc7c9a8a553a1aee84ce84cdcc4706cc73d84c49b2c354ce864d53cbdba40 | Triage

Submit
Reports

Overview

overview

Static

static

3

freerobux.exe

windows10-ltsc 2021-x64

Sharing

General

Target

freerobux.exe
Size

300KB
Sample

241108-xv6wbaxfpa
MD5

271deddfd2e90b39dfd1f4990338f1ca
SHA1

b3f52883fdc471b35d21eeb7c99b42cbe16da16d
SHA256

765cc7c9a8a553a1aee84ce84cdcc4706cc73d84c49b2c354ce864d53cbdba40
SHA512

114d6e3a2106b16250ac0865dda14c6f9b8444b931c2fa749e84fca22ce6320ce3edeb07dc1dabf5a4dd02ae8a8e90ee737447f8bc012ea1d5020856105440a2
SSDEEP

3072:ehWu6gKlGmaC4CN8KI7inGK1uUg9SaJSgQ6pCtiFCz4:

Score

10^/10

xworm rat trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

freerobux.exe

Resource

win10ltsc2021-20241023-en

xworm rat trojan

windows10-ltsc 2021-x64

7 signatures

150 seconds

Malware Config

Extracted

Family

xworm

C2

23.ip.gl.ply.gg:7000

Attributes

Install_directory
%Public%
install_file
svchost.exe

Targets

- Target
  
  freerobux.exe
- Size
  
  300KB
- MD5
  
  271deddfd2e90b39dfd1f4990338f1ca
- SHA1
  
  b3f52883fdc471b35d21eeb7c99b42cbe16da16d
- SHA256
  
  765cc7c9a8a553a1aee84ce84cdcc4706cc73d84c49b2c354ce864d53cbdba40
- SHA512
  
  114d6e3a2106b16250ac0865dda14c6f9b8444b931c2fa749e84fca22ce6320ce3edeb07dc1dabf5a4dd02ae8a8e90ee737447f8bc012ea1d5020856105440a2
- SSDEEP
  
  3072:ehWu6gKlGmaC4CN8KI7inGK1uUg9SaJSgQ6pCtiFCz4:
Score

10^/10

xworm rat trojan
- Detect Xworm Payload
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- Xworm family
  xworm
- Executes dropped EXE
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

© 2018-2025

Terms | Privacy