xworm | e000083fbb34cf231e37d9d5c86ba40c8266efe106eb1a8b7e80cf1c0cc4768e | Triage

Submit
Reports

Overview

overview

Static

static

5

e000083fbb...8e.exe

windows7-x64

e000083fbb...8e.exe

windows10-2004-x64

Sharing

General

Target

e000083fbb34cf231e37d9d5c86ba40c8266efe106eb1a8b7e80cf1c0cc4768e.exe
Size

1.1MB
Sample

250120-d323jsyqg1
MD5

4a38f76b967f388a213ff4955d504ecc
SHA1

8749c398b6ae571994d0db8a86c9f13dd739c9bf
SHA256

e000083fbb34cf231e37d9d5c86ba40c8266efe106eb1a8b7e80cf1c0cc4768e
SHA512

2da9ceb255c1f1149d0439fdf83be08dba9d292836fd4352c410778d59ea9c08e24c564a8b76af79d089e30a110ac144c1d93dac19d50d43c8036d610313a56a
SSDEEP

24576:sqDEvCTbMWu7rQYlBQcBiT6rprG8aZ0tmEbmZpA:sTvC/MTQYxsWR7aZ9eom

Score

10^/10

xworm discovery rat trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

e000083fbb34cf231e37d9d5c86ba40c8266efe106eb1a8b7e80cf1c0cc4768e.exe

Resource

win7-20240903-en

xworm discovery rat trojan

windows7-x64

9 signatures

120 seconds

Behavioral task

behavioral2

Sample

e000083fbb34cf231e37d9d5c86ba40c8266efe106eb1a8b7e80cf1c0cc4768e.exe

Resource

win10v2004-20241007-en

xworm discovery rat trojan

windows10-2004-x64

9 signatures

120 seconds

Malware Config

Targets

- Target
  
  e000083fbb34cf231e37d9d5c86ba40c8266efe106eb1a8b7e80cf1c0cc4768e.exe
- Size
  
  1.1MB
- MD5
  
  4a38f76b967f388a213ff4955d504ecc
- SHA1
  
  8749c398b6ae571994d0db8a86c9f13dd739c9bf
- SHA256
  
  e000083fbb34cf231e37d9d5c86ba40c8266efe106eb1a8b7e80cf1c0cc4768e
- SHA512
  
  2da9ceb255c1f1149d0439fdf83be08dba9d292836fd4352c410778d59ea9c08e24c564a8b76af79d089e30a110ac144c1d93dac19d50d43c8036d610313a56a
- SSDEEP
  
  24576:sqDEvCTbMWu7rQYlBQcBiT6rprG8aZ0tmEbmZpA:sTvC/MTQYxsWR7aZ9eom
Score

10^/10

xworm discovery rat trojan
- Detect Xworm Payload
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- Xworm family
  xworm
- .NET Reactor proctector
  Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

xwormdiscoveryrattrojan

behavioral2

xwormdiscoveryrattrojan

© 2018-2025

Terms | Privacy