xworm | c56bfa4afd61f5fc95cb0c3b2dce23bd2a2c2656ab2df09fc98e584ebbe6a00e | Triage

Submit
Reports

Overview

overview

Static

static

c56bfa4afd...0e.exe

windows7-x64

c56bfa4afd...0e.exe

windows10-2004-x64

Sharing

General

Target

c56bfa4afd61f5fc95cb0c3b2dce23bd2a2c2656ab2df09fc98e584ebbe6a00e
Size

45KB
Sample

241109-dynpcswjdv
MD5

dc3ad389d4ba11ef04240077f239d4ce
SHA1

ca1c017c859423c849d15da10ba9491319706f83
SHA256

c56bfa4afd61f5fc95cb0c3b2dce23bd2a2c2656ab2df09fc98e584ebbe6a00e
SHA512

3ef092a17f0a11a56c3a959a3fb875ff37b7e266b09e6f2542d174204169ed0e3802b268a753dd2a11dee4d3331fe3e0ba38b9d343951591db167039d3e5e9b1
SSDEEP

768:IurlDweV3OOVbADM9W1v9NfgkBpuAuREcNcFhlVvD4xeVhKfk/LbFEPa9pvg6iO1:IADweQKADMkV9GkSAcRaPlZrOc/FJ9Nf

Score

10^/10

xworm rat trojan

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

c56bfa4afd61f5fc95cb0c3b2dce23bd2a2c2656ab2df09fc98e584ebbe6a00e.exe

Resource

win7-20241010-en

xworm rat trojan

windows7-x64

5 signatures

150 seconds

Behavioral task

behavioral2

Sample

c56bfa4afd61f5fc95cb0c3b2dce23bd2a2c2656ab2df09fc98e584ebbe6a00e.exe

Resource

win10v2004-20241007-en

xworm rat trojan

windows10-2004-x64

5 signatures

150 seconds

Malware Config

Extracted

Family

xworm

Version

5.0

C2

127.0.0.1:33779

23.ip.gl.ply.gg:33779

Mutex

QXJjAl0pyGprRcPi

Attributes

Install_directory
%AppData%
install_file
XClient.exe

aes.plain

Targets

- Target
  
  c56bfa4afd61f5fc95cb0c3b2dce23bd2a2c2656ab2df09fc98e584ebbe6a00e
- Size
  
  45KB
- MD5
  
  dc3ad389d4ba11ef04240077f239d4ce
- SHA1
  
  ca1c017c859423c849d15da10ba9491319706f83
- SHA256
  
  c56bfa4afd61f5fc95cb0c3b2dce23bd2a2c2656ab2df09fc98e584ebbe6a00e
- SHA512
  
  3ef092a17f0a11a56c3a959a3fb875ff37b7e266b09e6f2542d174204169ed0e3802b268a753dd2a11dee4d3331fe3e0ba38b9d343951591db167039d3e5e9b1
- SSDEEP
  
  768:IurlDweV3OOVbADM9W1v9NfgkBpuAuREcNcFhlVvD4xeVhKfk/LbFEPa9pvg6iO1:IADweQKADMkV9GkSAcRaPlZrOc/FJ9Nf
Score

10^/10

xworm rat trojan
- Detect Xworm Payload
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- Xworm family
  xworm
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

© 2018-2025

Terms | Privacy