xworm | fcc210328de6701635014f8601c9af5e34f5e53f454f280240fdd4113d7267f3 | Triage

Submit
Reports

Overview

overview

Static

static

3

WaveInstaller.exe

windows11-21h2-x64

Sharing

Copy URL Twitter E-mail

General

Target

WaveInstaller.exe
Size

29.4MB
Sample

241202-fa2x7azpct
MD5

9243966bfec0d7ebb41008f8ab62c656
SHA1

95409ecf0e6325231d9ef106eb323dd64109c393
SHA256

fcc210328de6701635014f8601c9af5e34f5e53f454f280240fdd4113d7267f3
SHA512

0afe27ac64ecb1c052152a35b06bf1ff8dd0bc3086cef8cba77f85d87ca012df7417f756033bec2cef79f9612b6364c22b213de69c3c5aacc60097b6865a76c4
SSDEEP

786432:Yz8z4GAOhNZ2xM7oXqNgowioSC92WIiuDI:Yz8z4TOhNp7o6mioh9XIiS

Score

10^/10

xworm discovery pyinstaller rat trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

WaveInstaller.exe

Resource

win11-20241007-en

xworm discovery pyinstaller rat trojan upx

windows11-21h2-x64

13 signatures

1800 seconds

Malware Config

Extracted

Family

xworm

C2

127.0.0.1:54183

193.161.193.99:54183

blakedonahue-54183.portmap.host:54183

Attributes

Install_directory
%ProgramData%
install_file
WaveUpdater.exe

Targets

- Target
  
  WaveInstaller.exe
- Size
  
  29.4MB
- MD5
  
  9243966bfec0d7ebb41008f8ab62c656
- SHA1
  
  95409ecf0e6325231d9ef106eb323dd64109c393
- SHA256
  
  fcc210328de6701635014f8601c9af5e34f5e53f454f280240fdd4113d7267f3
- SHA512
  
  0afe27ac64ecb1c052152a35b06bf1ff8dd0bc3086cef8cba77f85d87ca012df7417f756033bec2cef79f9612b6364c22b213de69c3c5aacc60097b6865a76c4
- SSDEEP
  
  786432:Yz8z4GAOhNZ2xM7oXqNgowioSC92WIiuDI:Yz8z4TOhNp7o6mioh9XIiS
Score

10^/10

xworm discovery pyinstaller rat trojan upx
- Detect Xworm Payload
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- Xworm family
  xworm
- Executes dropped EXE
- Legitimate hosting services abused for malware hosting/C2
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

xwormdiscoverypyinstallerrattrojanupx

© 2018-2025

Terms | Privacy