xworm | 3708e11d66b51b2e3b8881e815ab53579ac1f864a158cea1011b1a943149de3e | Triage

Submit
Reports

Overview

overview

Static

static

3708e11d66...eN.exe

windows7-x64

3708e11d66...eN.exe

windows10-2004-x64

Sharing

General

Target

3708e11d66b51b2e3b8881e815ab53579ac1f864a158cea1011b1a943149de3eN
Size

113KB
Sample

241111-ppz7ksspar
MD5

b645a9fd6e1d775085c66632c7550cf0
SHA1

0ff50b1f08985123888e205224ac7e4992e0ffdb
SHA256

3708e11d66b51b2e3b8881e815ab53579ac1f864a158cea1011b1a943149de3e
SHA512

daa3a72001a5d613cf646cfebd43faf8ca8c8e221ae1a3facb36b8eeada5da4024f8e2a24b471614b1cf5b6657aeb691851eb95f23f7a0f933ca6f9ceb65190d
SSDEEP

1536:GMlhc/2KCQ/KEoDOfigkZbt0wN6EO2Sdfdq5:PGHr/QOfirbthO2Ydq5

Score

10^/10

xworm rat trojan

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

3708e11d66b51b2e3b8881e815ab53579ac1f864a158cea1011b1a943149de3eN.exe

Resource

win7-20240903-en

xworm rat trojan

windows7-x64

5 signatures

120 seconds

Behavioral task

behavioral2

Sample

3708e11d66b51b2e3b8881e815ab53579ac1f864a158cea1011b1a943149de3eN.exe

Resource

win10v2004-20241007-en

xworm rat trojan

windows10-2004-x64

5 signatures

120 seconds

Malware Config

Extracted

Family

xworm

C2

sell-oc.gl.at.ply.gg:48959

Attributes

Install_directory
%Userprofile%
install_file
USB.exe

Targets

- Target
  
  3708e11d66b51b2e3b8881e815ab53579ac1f864a158cea1011b1a943149de3eN
- Size
  
  113KB
- MD5
  
  b645a9fd6e1d775085c66632c7550cf0
- SHA1
  
  0ff50b1f08985123888e205224ac7e4992e0ffdb
- SHA256
  
  3708e11d66b51b2e3b8881e815ab53579ac1f864a158cea1011b1a943149de3e
- SHA512
  
  daa3a72001a5d613cf646cfebd43faf8ca8c8e221ae1a3facb36b8eeada5da4024f8e2a24b471614b1cf5b6657aeb691851eb95f23f7a0f933ca6f9ceb65190d
- SSDEEP
  
  1536:GMlhc/2KCQ/KEoDOfigkZbt0wN6EO2Sdfdq5:PGHr/QOfirbthO2Ydq5
Score

10^/10

xworm rat trojan
- Detect Xworm Payload
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- Xworm family
  xworm
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

© 2018-2024

Terms | Privacy