xworm | 518bcb384a8be295dacd2516beaaf18dd8b0c081bcb7bdc4a66bb27b393bf97b | Triage

Submit
Reports

Overview

overview

Static

static

3

FullOption_2.1.exe

windows10-ltsc 2021-x64

Sharing

General

Target

FullOption_2.1.exe
Size

4.0MB
Sample

241109-awn1katbqh
MD5

9ec7934c2dd0ea95b8a3f7081ae2b9fa
SHA1

4e6807ebbee7490d2188fe1b3332a0a5cec053b0
SHA256

518bcb384a8be295dacd2516beaaf18dd8b0c081bcb7bdc4a66bb27b393bf97b
SHA512

a6d8fab2a3a6e9ab4ddfa81dffa1105c34dfd9cb3ae8093c475465f02678dc288935a866df060605163f1733afb0ee6d7f8e6515e6d4bfd457c1c8d38f613bfd
SSDEEP

98304:9rN+Jkbu8xFUvvU8nbRg3F7Nc1/m7XDjPzeLDRfF:xNZbXxeHU8bK17C/m7XDjzeLDR

Score

10^/10

xworm rat trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

FullOption_2.1.exe

Resource

win10ltsc2021-20241023-en

xworm rat trojan

windows10-ltsc 2021-x64

9 signatures

30 seconds

Malware Config

Extracted

Family

xworm

C2

85.203.4.149:7000

Attributes

Install_directory
%ProgramData%
install_file
XClient.exe

Targets

- Target
  
  FullOption_2.1.exe
- Size
  
  4.0MB
- MD5
  
  9ec7934c2dd0ea95b8a3f7081ae2b9fa
- SHA1
  
  4e6807ebbee7490d2188fe1b3332a0a5cec053b0
- SHA256
  
  518bcb384a8be295dacd2516beaaf18dd8b0c081bcb7bdc4a66bb27b393bf97b
- SHA512
  
  a6d8fab2a3a6e9ab4ddfa81dffa1105c34dfd9cb3ae8093c475465f02678dc288935a866df060605163f1733afb0ee6d7f8e6515e6d4bfd457c1c8d38f613bfd
- SSDEEP
  
  98304:9rN+Jkbu8xFUvvU8nbRg3F7Nc1/m7XDjPzeLDRfF:xNZbXxeHU8bK17C/m7XDjzeLDR
Score

10^/10

xworm rat trojan
- Detect Xworm Payload
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- Xworm family
  xworm
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

© 2018-2025

Terms | Privacy