xworm | 93ae0ded8e229de092b27587159e255496e62680285077c17f501b3d1770965e | Triage

Submit
Reports

Overview

overview

Static

static

1

EspoofferFixed.bat

windows10-ltsc 2021-x64

Sharing

General

Target

EspoofferFixed.bat
Size

265KB
Sample

250124-sf5mgstqat
MD5

f1de9472d7d6f32316659e4fa2296a82
SHA1

51841c6da4684262484d072da2ee35d35892e657
SHA256

93ae0ded8e229de092b27587159e255496e62680285077c17f501b3d1770965e
SHA512

3843dfbe878b9a608f532dbbe9b56e722e21598cf99f2819ed3876b7fe27af7d319fa18ca5060bff219bf039703e53e79bd3186e7acdfa833f1e2e5378807fbb
SSDEEP

6144:WWrN/c6ctnMWD0qABdaTK2tJ75HsTD6MIy:WWxk6eMI0qABdG1tp5MTDvT

Score

10^/10

xworm execution rat trojan

Static task

static1

Behavioral task

behavioral1

Sample

EspoofferFixed.bat

Resource

win10ltsc2021-20250113-en

xworm execution rat trojan

windows10-ltsc 2021-x64

13 signatures

150 seconds

Malware Config

Extracted

Family

xworm

C2

IDKTOBEHONESTNIGAS-56344.portmap.io:56344

Mutex

GgTsuAV3pXf6aU6z

aes.plain

Targets

- Target
  
  EspoofferFixed.bat
- Size
  
  265KB
- MD5
  
  f1de9472d7d6f32316659e4fa2296a82
- SHA1
  
  51841c6da4684262484d072da2ee35d35892e657
- SHA256
  
  93ae0ded8e229de092b27587159e255496e62680285077c17f501b3d1770965e
- SHA512
  
  3843dfbe878b9a608f532dbbe9b56e722e21598cf99f2819ed3876b7fe27af7d319fa18ca5060bff219bf039703e53e79bd3186e7acdfa833f1e2e5378807fbb
- SSDEEP
  
  6144:WWrN/c6ctnMWD0qABdaTK2tJ75HsTD6MIy:WWxk6eMI0qABdG1tp5MTDvT
Score

10^/10

xworm execution rat trojan
- Detect Xworm Payload
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- Xworm family
  xworm
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xwormexecutionrattrojan

© 2018-2025

Terms | Privacy