xworm | 0240fc167d3e9cabeb5a9e707ce52d7842e332e084bef5e22b72fc3ecd3488c0 | Triage

Submit
Reports

Overview

overview

Static

static

3

0240fc167d...c0.exe

windows7-x64

0240fc167d...c0.exe

windows10-2004-x64

Sharing

General

Target

0240fc167d3e9cabeb5a9e707ce52d7842e332e084bef5e22b72fc3ecd3488c0.exe
Size

78KB
Sample

241109-cgakqsxmer
MD5

959ac550de9dc34474a8d8b16a050cfd
SHA1

d6ad271189c5ea66b6ac3268b18c05fa26b5f0f0
SHA256

0240fc167d3e9cabeb5a9e707ce52d7842e332e084bef5e22b72fc3ecd3488c0
SHA512

2c2d837164824fc1503a022a43793e5586c08d6b6b633e7fe828289489fad4c90a7c0a9fb3f2b6de093e901e9b957670063107b06b1e1ea474335806955ab735
SSDEEP

1536:HBx2Kk3000uEZf4Tl+XbctEjt8Y50vuzsB1nKzvpmvqmUte4xRZ4T:H+LE00bZ2leMEZlmBIvh/XZ4

Score

10^/10

xworm defense_evasion discovery rat trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

0240fc167d3e9cabeb5a9e707ce52d7842e332e084bef5e22b72fc3ecd3488c0.exe

Resource

win7-20240903-en

xworm defense_evasion discovery rat trojan

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

0240fc167d3e9cabeb5a9e707ce52d7842e332e084bef5e22b72fc3ecd3488c0.exe

Resource

win10v2004-20241007-en

xworm defense_evasion discovery rat trojan

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Extracted

Family

xworm

C2

againzamel.zapto.org:1188

damoni.zapto.org:1188

Attributes

Install_directory
%AppData%
install_file
Update.exe

Targets

- Target
  
  0240fc167d3e9cabeb5a9e707ce52d7842e332e084bef5e22b72fc3ecd3488c0.exe
- Size
  
  78KB
- MD5
  
  959ac550de9dc34474a8d8b16a050cfd
- SHA1
  
  d6ad271189c5ea66b6ac3268b18c05fa26b5f0f0
- SHA256
  
  0240fc167d3e9cabeb5a9e707ce52d7842e332e084bef5e22b72fc3ecd3488c0
- SHA512
  
  2c2d837164824fc1503a022a43793e5586c08d6b6b633e7fe828289489fad4c90a7c0a9fb3f2b6de093e901e9b957670063107b06b1e1ea474335806955ab735
- SSDEEP
  
  1536:HBx2Kk3000uEZf4Tl+XbctEjt8Y50vuzsB1nKzvpmvqmUte4xRZ4T:H+LE00bZ2leMEZlmBIvh/XZ4
Score

10^/10

xworm defense_evasion discovery rat trojan
- Detect Xworm Payload
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- Xworm family
  xworm
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Obfuscated Files or Information: Command Obfuscation
  Adversaries may obfuscate content during command execution to impede detection.
  defense_evasion
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Obfuscated Files or Information

Command Obfuscation

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xwormdefense_evasiondiscoveryrattrojan

behavioral2

xwormdefense_evasiondiscoveryrattrojan

© 2018-2025

Terms | Privacy