xworm | cb809403804dda0781d3ad0d3758b238c60258620158cd1a6e1e4392ba82ec5e | Triage

Submit
Reports

Overview

overview

Static

static

cb80940380...eN.exe

windows7-x64

cb80940380...eN.exe

windows10-2004-x64

Sharing

General

Target

cb809403804dda0781d3ad0d3758b238c60258620158cd1a6e1e4392ba82ec5eN.exe
Size

50KB
Sample

241119-g2esea1dma
MD5

564993fe4cb3bc168f9886c4859d7d90
SHA1

18a3d1237e29c40ded4e08be27afc048f9f9352b
SHA256

cb809403804dda0781d3ad0d3758b238c60258620158cd1a6e1e4392ba82ec5e
SHA512

240832c69d5986bec0c8253bc9b91c433295bc23810429f3e0387b79a5e1af67d869795d1bbe3c9351f50ddfae9734d202171695cfc93cd9afad8c4a5d4eb493
SSDEEP

768:AvPzXMVK5uDLY894aZzde0Qnkbb5OfIhWsHQChaYpGAvOgi5hnW8xAn:4XMlPYAWXkbb5GPTYUKOFLY

Score

10^/10

xworm rat trojan

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

cb809403804dda0781d3ad0d3758b238c60258620158cd1a6e1e4392ba82ec5eN.exe

Resource

win7-20241023-en

xworm rat trojan

windows7-x64

9 signatures

120 seconds

Behavioral task

behavioral2

Sample

cb809403804dda0781d3ad0d3758b238c60258620158cd1a6e1e4392ba82ec5eN.exe

Resource

win10v2004-20241007-en

xworm rat trojan

windows10-2004-x64

10 signatures

120 seconds

Malware Config

Extracted

Family

xworm

C2

states-allocation.gl.at.ply.gg:33251

Attributes

Install_directory
%Userprofile%
install_file
svchosts.exe

Targets

- Target
  
  cb809403804dda0781d3ad0d3758b238c60258620158cd1a6e1e4392ba82ec5eN.exe
- Size
  
  50KB
- MD5
  
  564993fe4cb3bc168f9886c4859d7d90
- SHA1
  
  18a3d1237e29c40ded4e08be27afc048f9f9352b
- SHA256
  
  cb809403804dda0781d3ad0d3758b238c60258620158cd1a6e1e4392ba82ec5e
- SHA512
  
  240832c69d5986bec0c8253bc9b91c433295bc23810429f3e0387b79a5e1af67d869795d1bbe3c9351f50ddfae9734d202171695cfc93cd9afad8c4a5d4eb493
- SSDEEP
  
  768:AvPzXMVK5uDLY894aZzde0Qnkbb5OfIhWsHQChaYpGAvOgi5hnW8xAn:4XMlPYAWXkbb5GPTYUKOFLY
Score

10^/10

xworm rat trojan
- Detect Xworm Payload
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- Xworm family
  xworm
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2025

Terms | Privacy