xworm | f5a7f371f5e9a2e95aabaf891a54722fe87c97c408f04664f0eceed898c6f390 | Triage

Submit
Reports

Overview

overview

Static

static

3

Dcontrole.exe

windows10-2004-x64

Sharing

General

Target

Dcontrole.exe
Size

799KB
Sample

250302-y5d4qatqt9
MD5

32301a56c3e1fc14a7fe9e6ea9f80cd8
SHA1

4bc0bee339074032915689b79b47c37dd25d4192
SHA256

f5a7f371f5e9a2e95aabaf891a54722fe87c97c408f04664f0eceed898c6f390
SHA512

5b50c697b898bb1c83b464eb6f2e45af3b6dcf47b4c0938ca5171f700e4933aa1299397d4f0c2af92aa7e4950a60e9321d861fef5f4a8e7c379a406dede7b371
SSDEEP

24576:32HY+jy+iVKG0r5Qql4B71qQoM/eKR6UZun6:32HY8UKG0aMwe5U0n6

Score

10^/10

xworm discovery rat trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

Dcontrole.exe

Resource

win10v2004-20250217-en

xworm discovery rat trojan upx

windows10-2004-x64

19 signatures

150 seconds

Malware Config

Extracted

Family

xworm

C2

2.tcp.eu.ngrok.io:1800

2.tcp.eu.ngrok.io:18000

Attributes

Install_directory
%AppData%
install_file
svchost.exe
telegram
https://api.telegram.org/bot7911535650:AAEUAqRiUefpOJv3v-yDVQta9ZM8Lvmwl88/sendMessage?chat_id=6426180826

Targets

- Target
  
  Dcontrole.exe
- Size
  
  799KB
- MD5
  
  32301a56c3e1fc14a7fe9e6ea9f80cd8
- SHA1
  
  4bc0bee339074032915689b79b47c37dd25d4192
- SHA256
  
  f5a7f371f5e9a2e95aabaf891a54722fe87c97c408f04664f0eceed898c6f390
- SHA512
  
  5b50c697b898bb1c83b464eb6f2e45af3b6dcf47b4c0938ca5171f700e4933aa1299397d4f0c2af92aa7e4950a60e9321d861fef5f4a8e7c379a406dede7b371
- SSDEEP
  
  24576:32HY+jy+iVKG0r5Qql4B71qQoM/eKR6UZun6:32HY8UKG0aMwe5U0n6
Score

10^/10

xworm discovery rat trojan upx
- Detect Xworm Payload
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- Xworm family
  xworm
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xwormdiscoveryrattrojanupx

© 2018-2025

Terms | Privacy