xworm | 8fc479720e3218f4a6af96f65d39c0ea82c01c004315750d7f210e08540e4d6e | Triage

Submit
Reports

Overview

overview

Static

static

WindowsRoot.exe

windows11-21h2-x64

Sharing

General

Target

WindowsRoot.exe
Size

81KB
Sample

241109-wj1z9ayhme
MD5

dc9cce7b2ab5836c8f4ff1fdcea5a88e
SHA1

68ca553b84f7159efaa3855773071192411b912f
SHA256

8fc479720e3218f4a6af96f65d39c0ea82c01c004315750d7f210e08540e4d6e
SHA512

baec44b96fff2977f50d6efe61ab598d6657512806cb9612694b97643769f894bfceefcbc15c818acfe15d7547cedaf9898d87980a947a02886807061cbb26c2
SSDEEP

1536:N7K5slud3hLERjgckbp2h4qr7bBbHxEcZnV6+SOvsLh0ERdK3l:QSlS3J64qnbNHHZAOvYh0Ycl

Score

10^/10

xworm rat trojan

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

WindowsRoot.exe

Resource

win11-20241007-en

xworm rat trojan

windows11-21h2-x64

10 signatures

150 seconds

Malware Config

Extracted

Family

xworm

C2

172.16.0.2:7000

Attributes

Install_directory
%AppData%
install_file
svchostq.exe

Targets

- Target
  
  WindowsRoot.exe
- Size
  
  81KB
- MD5
  
  dc9cce7b2ab5836c8f4ff1fdcea5a88e
- SHA1
  
  68ca553b84f7159efaa3855773071192411b912f
- SHA256
  
  8fc479720e3218f4a6af96f65d39c0ea82c01c004315750d7f210e08540e4d6e
- SHA512
  
  baec44b96fff2977f50d6efe61ab598d6657512806cb9612694b97643769f894bfceefcbc15c818acfe15d7547cedaf9898d87980a947a02886807061cbb26c2
- SSDEEP
  
  1536:N7K5slud3hLERjgckbp2h4qr7bBbHxEcZnV6+SOvsLh0ERdK3l:QSlS3J64qnbNHHZAOvYh0Ycl
Score

10^/10

xworm rat trojan
- Detect Xworm Payload
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- Xworm family
  xworm
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

© 2018-2025

Terms | Privacy