xworm | 5506ccbd33408f09b67ca5f800e20acbe0bb895f42ef3234fe07b2ccff8d06ff | Triage

Submit
Reports

Overview

overview

Static

static

main.exe

windows7-x64

main.exe

windows10-2004-x64

Sharing

General

Target

main.exe
Size

69KB
Sample

250303-aw3hys1jy7
MD5

4822ba6a636e6004d529acd1c343d918
SHA1

6d3be23dbaf66ea561f4455bd7323cf9cd4c293d
SHA256

5506ccbd33408f09b67ca5f800e20acbe0bb895f42ef3234fe07b2ccff8d06ff
SHA512

9e018aa44dfc8f4a568e38530dc5b9893462afd9e0cfeb1fc40ff3ac512ed25ec86c50e59fe4d76d781e04195d7df36255a9e4dbc59cfdc940c4939985a173ee
SSDEEP

1536:s9RN41yg3LTU2a0AvR5bbT28ogW66QnBYOo+OyfX:4RN09LAvfbbC8olZpkOyfX

Score

10^/10

xworm rat trojan

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

main.exe

Resource

win7-20240903-en

xworm rat trojan

windows7-x64

5 signatures

150 seconds

Behavioral task

behavioral2

Sample

main.exe

Resource

win10v2004-20250217-en

xworm rat trojan

windows10-2004-x64

5 signatures

150 seconds

Malware Config

Extracted

Family

xworm

C2

173.31.160.10:4040

Attributes

Install_directory
%AppData%
install_file
USB.exe

Targets

- Target
  
  main.exe
- Size
  
  69KB
- MD5
  
  4822ba6a636e6004d529acd1c343d918
- SHA1
  
  6d3be23dbaf66ea561f4455bd7323cf9cd4c293d
- SHA256
  
  5506ccbd33408f09b67ca5f800e20acbe0bb895f42ef3234fe07b2ccff8d06ff
- SHA512
  
  9e018aa44dfc8f4a568e38530dc5b9893462afd9e0cfeb1fc40ff3ac512ed25ec86c50e59fe4d76d781e04195d7df36255a9e4dbc59cfdc940c4939985a173ee
- SSDEEP
  
  1536:s9RN41yg3LTU2a0AvR5bbT28ogW66QnBYOo+OyfX:4RN09LAvfbbC8olZpkOyfX
Score

10^/10

xworm rat trojan
- Detect Xworm Payload
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- Xworm family
  xworm
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

© 2018-2025

Terms | Privacy