xworm | a3b73fded2b9faa31303d7dc5905781ddfed85b17beff7042b212554fb25acac | Triage

Submit
Reports

Overview

overview

Static

static

Deltacracked.exe

windows7-x64

Deltacracked.exe

windows10-2004-x64

Sharing

General

Target

Deltacracked.exe
Size

71KB
Sample

250305-yeyqfaw1fw
MD5

de8984199cea928c5ce0773ce065a545
SHA1

1f85e446829d06841869eda7cc0a9767ee4b7c1e
SHA256

a3b73fded2b9faa31303d7dc5905781ddfed85b17beff7042b212554fb25acac
SHA512

677c58836e563dc708bc89ca2f70b675783762dbdd28b070dece97c66f7aacc969dfe575ab4b68c0dd93b809746373eb61d63253ce2d7ecea170fe3c52747d60
SSDEEP

1536:N0/NWyFYaOmsMFvStuG5IR+e1ywgpDQYbUckDP6dTrOAGH:N0FW2MkR+eAw+bUHgrOAGH

Score

10^/10

xworm rat trojan

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

Deltacracked.exe

Resource

win7-20241010-en

xworm rat trojan

windows7-x64

5 signatures

150 seconds

Behavioral task

behavioral2

Sample

Deltacracked.exe

Resource

win10v2004-20250217-en

xworm rat trojan

windows10-2004-x64

5 signatures

150 seconds

Malware Config

Extracted

Family

xworm

C2

registered-marilyn.gl.at.ply.gg:38151

Attributes

Install_directory
%AppData%
install_file
NursultanCrack.exe

Targets

- Target
  
  Deltacracked.exe
- Size
  
  71KB
- MD5
  
  de8984199cea928c5ce0773ce065a545
- SHA1
  
  1f85e446829d06841869eda7cc0a9767ee4b7c1e
- SHA256
  
  a3b73fded2b9faa31303d7dc5905781ddfed85b17beff7042b212554fb25acac
- SHA512
  
  677c58836e563dc708bc89ca2f70b675783762dbdd28b070dece97c66f7aacc969dfe575ab4b68c0dd93b809746373eb61d63253ce2d7ecea170fe3c52747d60
- SSDEEP
  
  1536:N0/NWyFYaOmsMFvStuG5IR+e1ywgpDQYbUckDP6dTrOAGH:N0FW2MkR+eAw+bUHgrOAGH
Score

10^/10

xworm rat trojan
- Detect Xworm Payload
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- Xworm family
  xworm
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

© 2018-2025

Terms | Privacy