xworm | 0d5b834411c554bfc9c847d98a1f821a340498db83eff0d8c53c2591e2a74927 | Triage

Submit
Reports

Overview

overview

Static

static

NursultanI...er.exe

windows10-ltsc 2021-x64

Sharing

General

Target

NursultanInstaller.exe
Size

65KB
Sample

250305-g9wqws1vgx
MD5

e68a1f37e2d6dfa0f872fa3686c191b6
SHA1

37b7cd6008897f8f1505476831920c4ba70d4dd6
SHA256

0d5b834411c554bfc9c847d98a1f821a340498db83eff0d8c53c2591e2a74927
SHA512

4dd80c907d191c24830f50747e6d553a43e8160cffb036d0e7a39c50255ca29eba17f68a3a42e3f2dbad9d45431dfc4acfdbbcb17ea6d84df5de84a356496aba
SSDEEP

1536:sV9kuY/lp2pq1PQj24Ibl/imCWMwY7I6lvFGOkAiZv:cw72pq1oybl/DH98nvcO7iZv

Score

10^/10

xworm rat trojan

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

NursultanInstaller.exe

Resource

win10ltsc2021-20250217-en

xworm rat trojan

windows10-ltsc 2021-x64

5 signatures

30 seconds

Malware Config

Extracted

Family

xworm

C2

teachers-caught.gl.at.ply.gg:19879

Attributes

Install_directory
%AppData%
install_file
XClient.exe

Targets

- Target
  
  NursultanInstaller.exe
- Size
  
  65KB
- MD5
  
  e68a1f37e2d6dfa0f872fa3686c191b6
- SHA1
  
  37b7cd6008897f8f1505476831920c4ba70d4dd6
- SHA256
  
  0d5b834411c554bfc9c847d98a1f821a340498db83eff0d8c53c2591e2a74927
- SHA512
  
  4dd80c907d191c24830f50747e6d553a43e8160cffb036d0e7a39c50255ca29eba17f68a3a42e3f2dbad9d45431dfc4acfdbbcb17ea6d84df5de84a356496aba
- SSDEEP
  
  1536:sV9kuY/lp2pq1PQj24Ibl/imCWMwY7I6lvFGOkAiZv:cw72pq1oybl/DH98nvcO7iZv
Score

10^/10

xworm rat trojan
- Detect Xworm Payload
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- Xworm family
  xworm
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

© 2018-2025

Terms | Privacy