xworm | fc163ccd515e93133219915d85cea6f59abc9e78ad8e8cb0e9d0a50ea9937290 | Triage

Submit
Reports

Overview

overview

Static

static

1

Stigma (1).rar

windows10-2004-x64

Sharing

General

Target

Stigma (1).rar
Size

2.5MB
Sample

250227-c9rdyssqy4
MD5

51da68bedfaa8ebf202ab82276734440
SHA1

defdfdc18854eb6da60c1d89ad1f3a7a8df07c0c
SHA256

fc163ccd515e93133219915d85cea6f59abc9e78ad8e8cb0e9d0a50ea9937290
SHA512

a4f188c705d8ad353121639e5b2d94336b19bcc3eec89494dcc0d4d3c38c01ccbbd14e554815b222b7818bb0223a1fe04ce706023aba08cad19efd7d5653f8fc
SSDEEP

49152:gm6iutSWQo9VHBtcJoacfn42UlIsY/ArR50qvqe4s3GnTFaejfmje7:gCutSmH7cJoacf4rlI/svqe4eGBae+a

Score

10^/10

xworm rat trojan

Static task

static1

Behavioral task

behavioral1

Sample

Stigma (1).rar

Resource

win10v2004-20250217-en

xworm rat trojan

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Extracted

Family

xworm

Version

5.0

C2

all-te.gl.at.ply.gg:5211

Mutex

L2DNBg468eZWboE2

Attributes

Install_directory
%AppData%
install_file
XClient.exe

aes.plain

Targets

- Target
  
  Stigma (1).rar
- Size
  
  2.5MB
- MD5
  
  51da68bedfaa8ebf202ab82276734440
- SHA1
  
  defdfdc18854eb6da60c1d89ad1f3a7a8df07c0c
- SHA256
  
  fc163ccd515e93133219915d85cea6f59abc9e78ad8e8cb0e9d0a50ea9937290
- SHA512
  
  a4f188c705d8ad353121639e5b2d94336b19bcc3eec89494dcc0d4d3c38c01ccbbd14e554815b222b7818bb0223a1fe04ce706023aba08cad19efd7d5653f8fc
- SSDEEP
  
  49152:gm6iutSWQo9VHBtcJoacfn42UlIsY/ArR50qvqe4s3GnTFaejfmje7:gCutSmH7cJoacf4rlI/svqe4eGBae+a
Score

10^/10

xworm rat trojan
- Detect Xworm Payload
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- Xworm family
  xworm
- Executes dropped EXE
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

© 2018-2025

Terms | Privacy