xworm | decc2a2ef08d8d31a013fafb410abd99fe7d9c31fe7801ef4bed7682e09682b7 | Triage

Submit
Reports

Overview

overview

Static

static

3

decc2a2ef0...7N.exe

windows7-x64

decc2a2ef0...7N.exe

windows10-2004-x64

Sharing

General

Target

decc2a2ef08d8d31a013fafb410abd99fe7d9c31fe7801ef4bed7682e09682b7N
Size

352KB
Sample

241109-gwz66azakq
MD5

c7f28af5b86f96194ea63fb9327a9a60
SHA1

099afe5387be0147ca0dc1ee96ac29e57fc0ec4a
SHA256

decc2a2ef08d8d31a013fafb410abd99fe7d9c31fe7801ef4bed7682e09682b7
SHA512

3e2c0eb8252a584ae8ab963a1e60f18b9d17c7faf625a87d197861f0cd69bb7f9e85842f6c2ef007f53fd7a7791cd1650ec92bc98a8c169fd0a8f74a8a8eca89
SSDEEP

6144:0BAOAWfF1oIMNJ6hMsQN9+/qtW59OJKOvpvvLIboRoaos03ZbqgsBQxBt25:qpF1a+h2N9+St8uK6vvEboRoaotbquxX

Score

10^/10

xworm discovery rat trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

decc2a2ef08d8d31a013fafb410abd99fe7d9c31fe7801ef4bed7682e09682b7N.exe

Resource

win7-20241010-en

xworm discovery rat trojan

windows7-x64

8 signatures

120 seconds

Behavioral task

behavioral2

Sample

decc2a2ef08d8d31a013fafb410abd99fe7d9c31fe7801ef4bed7682e09682b7N.exe

Resource

win10v2004-20241007-en

xworm discovery rat trojan

windows10-2004-x64

9 signatures

120 seconds

Malware Config

Extracted

Family

xworm

Version

5.0

C2

sooiahmed45.ddns.net:8888

Mutex

MpVcDlCO7GPZPd4r

Attributes

install_file
USB.exe

aes.plain

Targets

- Target
  
  decc2a2ef08d8d31a013fafb410abd99fe7d9c31fe7801ef4bed7682e09682b7N
- Size
  
  352KB
- MD5
  
  c7f28af5b86f96194ea63fb9327a9a60
- SHA1
  
  099afe5387be0147ca0dc1ee96ac29e57fc0ec4a
- SHA256
  
  decc2a2ef08d8d31a013fafb410abd99fe7d9c31fe7801ef4bed7682e09682b7
- SHA512
  
  3e2c0eb8252a584ae8ab963a1e60f18b9d17c7faf625a87d197861f0cd69bb7f9e85842f6c2ef007f53fd7a7791cd1650ec92bc98a8c169fd0a8f74a8a8eca89
- SSDEEP
  
  6144:0BAOAWfF1oIMNJ6hMsQN9+/qtW59OJKOvpvvLIboRoaos03ZbqgsBQxBt25:qpF1a+h2N9+St8uK6vvEboRoaotbquxX
Score

10^/10

xworm discovery rat trojan
- Detect Xworm Payload
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- Xworm family
  xworm
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xwormdiscoveryrattrojan

behavioral2

xwormdiscoveryrattrojan

© 2018-2025

Terms | Privacy