xworm | ddfe0cfb0d6ff02a67de60e59a1f212403d075eb1afebccb7e21e094d463a33a | Triage

Submit
Reports

Overview

overview

Static

static

3

Admin Tools.rar.exe

windows10-ltsc 2021-x64

Resubmissions

18-11-2024 09:56

241118-lybc2atndv 10

18-11-2024 09:53

241118-lw2r7sypfn 10

Sharing

General

Target

Admin Tools.rar.exe
Size

11.8MB
Sample

241118-lw2r7sypfn
MD5

ddcffb7143bb8073f53391fd44159950
SHA1

e55cfccc6eefd6c8079f6e18459a3eb509107bd2
SHA256

ddfe0cfb0d6ff02a67de60e59a1f212403d075eb1afebccb7e21e094d463a33a
SHA512

1538f3ee18787485e727904eeac50ea6dbf207ff5aa61620223a33aa5c7c743d17c1ab9c499f04cb6e3954c28434f0dd01ef94412e2a62a94e77d9f996a8db27
SSDEEP

196608:lQXFWvrR+RBZuLVESPp94EMtwBVxCS8ns71EWradV3qAo5QiPZbdBD8h5sf0IfvB:l/URsVz2Z6BVxGmbeV3qc35sfFRf

Score

10^/10

xworm rat trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

Admin Tools.rar.exe

Resource

win10ltsc2021-20241023-en

xworm rat trojan

windows10-ltsc 2021-x64

10 signatures

30 seconds

Malware Config

Extracted

Family

xworm

Version

5.0

C2

127.0.0.1:7000

Mutex

FDifYDumKCtsXZEN

Attributes

install_file
USB.exe

aes.plain

Targets

- Target
  
  Admin Tools.rar.exe
- Size
  
  11.8MB
- MD5
  
  ddcffb7143bb8073f53391fd44159950
- SHA1
  
  e55cfccc6eefd6c8079f6e18459a3eb509107bd2
- SHA256
  
  ddfe0cfb0d6ff02a67de60e59a1f212403d075eb1afebccb7e21e094d463a33a
- SHA512
  
  1538f3ee18787485e727904eeac50ea6dbf207ff5aa61620223a33aa5c7c743d17c1ab9c499f04cb6e3954c28434f0dd01ef94412e2a62a94e77d9f996a8db27
- SSDEEP
  
  196608:lQXFWvrR+RBZuLVESPp94EMtwBVxCS8ns71EWradV3qAo5QiPZbdBD8h5sf0IfvB:l/URsVz2Z6BVxGmbeV3qc35sfFRf
Score

10^/10

xworm rat trojan
- Detect Xworm Payload
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- Xworm family
  xworm
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

© 2018-2025

Terms | Privacy