xworm | 27d7a34caa69ac39da3a839cfa04bc3ce6c01951e68094b9abb496f75ef08b1e | Triage

Submit
Reports

Overview

overview

Static

static

27d7a34caa...1e.exe

windows7-x64

27d7a34caa...1e.exe

windows10-2004-x64

Sharing

General

Target

27d7a34caa69ac39da3a839cfa04bc3ce6c01951e68094b9abb496f75ef08b1e.exe
Size

76KB
Sample

250302-cm7ses1mt5
MD5

eb7801d2d43995b4e7532e7020c5c509
SHA1

e28715c7a888315d86b8247981238a72bbdbcfff
SHA256

27d7a34caa69ac39da3a839cfa04bc3ce6c01951e68094b9abb496f75ef08b1e
SHA512

0bc22c79ec57197f61e7bffb3d78c4163066964f24c4f40fd95d828b0fd3f281da14693f7e1bab5f345baaa15f2f259f9ca3d20fe90517b4b676a7296978b1bf
SSDEEP

1536:t510DiS3GNRnQEbax2JZMwo06WKw1XjvOoxXxbYDXJt0ld:tKitRnBbk2JgH8OoxBbaXj0ld

Score

10^/10

xworm rat trojan

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

27d7a34caa69ac39da3a839cfa04bc3ce6c01951e68094b9abb496f75ef08b1e.exe

Resource

win7-20240729-en

xworm rat trojan

windows7-x64

5 signatures

150 seconds

Behavioral task

behavioral2

Sample

27d7a34caa69ac39da3a839cfa04bc3ce6c01951e68094b9abb496f75ef08b1e.exe

Resource

win10v2004-20250217-en

xworm rat trojan

windows10-2004-x64

5 signatures

150 seconds

Malware Config

Extracted

Family

xworm

Attributes

Install_directory
%AppData%
install_file
System32.exe
pastebin_url
https://pastebin.com/raw/qHicYh9j

Targets

- Target
  
  27d7a34caa69ac39da3a839cfa04bc3ce6c01951e68094b9abb496f75ef08b1e.exe
- Size
  
  76KB
- MD5
  
  eb7801d2d43995b4e7532e7020c5c509
- SHA1
  
  e28715c7a888315d86b8247981238a72bbdbcfff
- SHA256
  
  27d7a34caa69ac39da3a839cfa04bc3ce6c01951e68094b9abb496f75ef08b1e
- SHA512
  
  0bc22c79ec57197f61e7bffb3d78c4163066964f24c4f40fd95d828b0fd3f281da14693f7e1bab5f345baaa15f2f259f9ca3d20fe90517b4b676a7296978b1bf
- SSDEEP
  
  1536:t510DiS3GNRnQEbax2JZMwo06WKw1XjvOoxXxbYDXJt0ld:tKitRnBbk2JgH8OoxBbaXj0ld
Score

10^/10

xworm rat trojan
- Detect Xworm Payload
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- Xworm family
  xworm
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

© 2018-2025

Terms | Privacy