xworm | 852d02731622dc6ff56a840167695810dbef423da5c77cb6bfb05aca6ee6c826 | Triage

Submit
Reports

Overview

overview

Static

static

XX.exe

windows7-x64

XX.exe

windows10-2004-x64

Sharing

General

Target

XX.exe
Size

87KB
Sample

250302-t6jclsypy5
MD5

d5c6de191863e7210ad5c78d367ec500
SHA1

4f80e306a00a89e9ce72b085da9c347f2a9b6c7d
SHA256

852d02731622dc6ff56a840167695810dbef423da5c77cb6bfb05aca6ee6c826
SHA512

cd66a094ba9de5e6914eed35b6d3c7e9b568a8b20e352f418915f9461974becb2dd4a7ed542d89d9706ea8fb365bc3a065f751f52bfad22a585d56db8e221c3f
SSDEEP

1536:9CyhzmU2zzrAbG1wlIC9vLePbwMTHBfsrG26R320fsOJ35zCw4dKl:MIGfAlyK2bw4hfsrGFzUOJpz9fl

Score

10^/10

xworm rat trojan

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

XX.exe

Resource

win7-20240903-en

xworm rat trojan

windows7-x64

5 signatures

150 seconds

Behavioral task

behavioral2

Sample

XX.exe

Resource

win10v2004-20250217-en

xworm rat trojan

windows10-2004-x64

5 signatures

150 seconds

Malware Config

Extracted

Family

xworm

C2

three-under.gl.at.ply.gg:34716

Attributes

Install_directory
%Userprofile%
install_file
Loader.exe

Targets

- Target
  
  XX.exe
- Size
  
  87KB
- MD5
  
  d5c6de191863e7210ad5c78d367ec500
- SHA1
  
  4f80e306a00a89e9ce72b085da9c347f2a9b6c7d
- SHA256
  
  852d02731622dc6ff56a840167695810dbef423da5c77cb6bfb05aca6ee6c826
- SHA512
  
  cd66a094ba9de5e6914eed35b6d3c7e9b568a8b20e352f418915f9461974becb2dd4a7ed542d89d9706ea8fb365bc3a065f751f52bfad22a585d56db8e221c3f
- SSDEEP
  
  1536:9CyhzmU2zzrAbG1wlIC9vLePbwMTHBfsrG26R320fsOJ35zCw4dKl:MIGfAlyK2bw4hfsrGFzUOJpz9fl
Score

10^/10

xworm rat trojan
- Detect Xworm Payload
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- Xworm family
  xworm
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

© 2018-2025

Terms | Privacy