xworm | 72e042efd827eea033ca9b67305a034624b9caa5de4c88349e22ef10e4b3e2d4 | Triage

Submit
Reports

Overview

overview

Static

static

3

Output.exe

windows11-21h2-x64

Resubmissions

24-01-2025 21:20

250124-z66e2ayqf1 10

Sharing

General

Target

Output.exe
Size

859KB
Sample

250124-z66e2ayqf1
MD5

834cc6afb78b7b393a80fe6eba060353
SHA1

9a8efada70efd1abd0a5c2f143e090ae296d27a8
SHA256

72e042efd827eea033ca9b67305a034624b9caa5de4c88349e22ef10e4b3e2d4
SHA512

ab760c656387cdb8f1ca93ecf0df0bc2f6ed0dca454a4a14d3742686e7471a886ada04985a28a816d951fe976aed1f8986096ed3da2acc23847dcffd08de5266
SSDEEP

24576:coE2R0w2cOlV1ljjjjjjjjjjjlygjeivVrVJwbif+Y17JvGHwDeFyFSxEUCp3AdT:D32cqe060dAPRAhq6Q5Q

Score

10^/10

xworm discovery execution rat trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

Output.exe

Resource

win11-20241007-en

xworm discovery execution rat trojan

windows11-21h2-x64

13 signatures

150 seconds

Malware Config

Extracted

Family

xworm

C2

127.0.0.1:30717

window-prize.gl.at.ply.gg:30717

Attributes

Install_directory
%AppData%
install_file
XClient.exe

Targets

- Target
  
  Output.exe
- Size
  
  859KB
- MD5
  
  834cc6afb78b7b393a80fe6eba060353
- SHA1
  
  9a8efada70efd1abd0a5c2f143e090ae296d27a8
- SHA256
  
  72e042efd827eea033ca9b67305a034624b9caa5de4c88349e22ef10e4b3e2d4
- SHA512
  
  ab760c656387cdb8f1ca93ecf0df0bc2f6ed0dca454a4a14d3742686e7471a886ada04985a28a816d951fe976aed1f8986096ed3da2acc23847dcffd08de5266
- SSDEEP
  
  24576:coE2R0w2cOlV1ljjjjjjjjjjjlygjeivVrVJwbif+Y17JvGHwDeFyFSxEUCp3AdT:D32cqe060dAPRAhq6Q5Q
Score

10^/10

xworm discovery execution rat trojan
- Detect Xworm Payload
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- Xworm family
  xworm
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Drops startup file
- Executes dropped EXE
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xwormdiscoveryexecutionrattrojan

© 2018-2025

Terms | Privacy