Overview

overview

10

Static

static

3

output.exe

windows11-21h2-x64

10

Analysis

  • max time kernel
    147s
  • max time network
    151s
  • platform
    windows11-21h2_x64
  • resource
    win11-20250217-en
  • resource tags

    arch:x64arch:x86image:win11-20250217-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    06/03/2025, 04:53

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    output.exe

  • Size

    1014KB

  • MD5

    1fe1bc82ed63628e2459cff85699261c

  • SHA1

    eaecc620995ed34643971d2558209d6f47cd2319

  • SHA256

    66e13e913e1013b06ba57520ade516ad4b64ad6915d316dba337fdbfd0c641de

  • SHA512

    52e7af8f665d84cf3edd8d4721e6a30ba488819cdfda86d2dff4cd5037b4f344653c0cecd17a693ffd9c1bd157deed7ce544b96f8b3f74b98725c1f93e236491

  • SSDEEP

    24576:1S2Z01tTES8000030000000tDPDD8CErjPchZ2F+6lroxg:1SK01tK000030000000Q/02F+6lroxg

Score
10/10
xwormrattrojan

Malware Config

Extracted

Family

xworm

C2

operates-rna.with.playit.plus:4377

Attributes
  • Install_directory

    %LocalAppData%

  • install_file

    XClient2.0.exe

Signatures

  • Detect Xworm Payload 1 IoCs
  • Xworm

    Xworm is a remote access trojan written in C#.

    trojanratxworm
  • Xworm family
    xworm

Processes

  • C:\Users\Admin\AppData\Local\Temp\output.exe
    "C:\Users\Admin\AppData\Local\Temp\output.exe"
    1⤵
      PID:2276

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/2276-0-0x00000247EBC00000-0x00000247EBC53000-memory.dmp

      Filesize

      332KB

      Download

    • memory/2276-1-0x00007FF70BC00000-0x00007FF70BCBF000-memory.dmp

      Filesize

      764KB

      Download