xworm | a3b2fdc9903049997ece0fd5ae96922642477a8ad822c9d8a53d574b8459aca5 | Triage

Submit
Reports

Overview

overview

Static

static

3

matrixnew mapper.exe

windows10-ltsc 2021-x64

Sharing

General

Target

matrixnew mapper.exe
Size

4.5MB
Sample

250304-yzkdjsy1dv
MD5

2661e9a9b063a4d7a96686aa8e4ffa04
SHA1

cf6af9701e80fb8000f0820e649e9683f7e0e659
SHA256

a3b2fdc9903049997ece0fd5ae96922642477a8ad822c9d8a53d574b8459aca5
SHA512

6bda80210f421d64d8a954564689bdb3fc8f8e229e748c0aca846e9ae2f2b7bf24533a85ba22d0d2771f36a88e38d5918b9b387a6224f83301f5eda70bd3bf83
SSDEEP

98304:j8E/0PCfmKGyVXme/TglieUxwXvsmpvMvdDXieB:4NPCRGyvslieUcOvdDXiS

Score

10^/10

xworm rat trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

matrixnew mapper.exe

Resource

win10ltsc2021-20250217-en

xworm rat trojan

windows10-ltsc 2021-x64

13 signatures

150 seconds

Malware Config

Extracted

Family

xworm

Version

5.0

C2

paul-nw.gl.at.ply.gg:51413

Mutex

AVvzTAnLyW8qQCcO

Attributes

Install_directory
%AppData%
install_file
kev.exe

aes.plain

Targets

- Target
  
  matrixnew mapper.exe
- Size
  
  4.5MB
- MD5
  
  2661e9a9b063a4d7a96686aa8e4ffa04
- SHA1
  
  cf6af9701e80fb8000f0820e649e9683f7e0e659
- SHA256
  
  a3b2fdc9903049997ece0fd5ae96922642477a8ad822c9d8a53d574b8459aca5
- SHA512
  
  6bda80210f421d64d8a954564689bdb3fc8f8e229e748c0aca846e9ae2f2b7bf24533a85ba22d0d2771f36a88e38d5918b9b387a6224f83301f5eda70bd3bf83
- SSDEEP
  
  98304:j8E/0PCfmKGyVXme/TglieUxwXvsmpvMvdDXieB:4NPCRGyvslieUcOvdDXiS
Score

10^/10

xworm rat trojan
- Detect Xworm Payload
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- Xworm family
  xworm
- Drops file in Drivers directory
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

© 2018-2025

Terms | Privacy