xworm | efe289b38f29032f648a26974cca1c68599a7e24f0cb58e62fdc9e79b4d3c3c2 | Triage

Submit
Reports

Overview

overview

Static

static

Delta crac...7).zip

windows10-2004-x64

Sharing

General

Target

Delta cracked (1337).zip
Size

35.9MB
Sample

250306-m1lgfswyav
MD5

257c597061d8d887671a85fc6ccb1d6b
SHA1

ddd2ae6bfc2e4d8ab778b914b18b162b049ae807
SHA256

efe289b38f29032f648a26974cca1c68599a7e24f0cb58e62fdc9e79b4d3c3c2
SHA512

9ea0b587f75bb9b52f2f70ebc781bb23420dbe64541a7bb6544836169771070b76c4cf57cc2fd8bc8e0dd8f7bf44df27535e229fbf7f6441efb5de6ab4531757
SSDEEP

786432:Qj314x6Lf72SddZU7uKuFOu/fxAvIWXw7GmnuEhI7mNn5QSc:Qjlcuf75ZU6VtfxAvkamnu77mNnU

Score

10^/10

xworm rat trojan

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

Delta cracked (1337).zip

Resource

win10v2004-20250217-en

xworm rat trojan

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Extracted

Family

xworm

C2

registered-marilyn.gl.at.ply.gg:38151

Attributes

Install_directory
%AppData%
install_file
NursultanCrack.exe

Targets

- Target
  
  Delta cracked (1337).zip
- Size
  
  35.9MB
- MD5
  
  257c597061d8d887671a85fc6ccb1d6b
- SHA1
  
  ddd2ae6bfc2e4d8ab778b914b18b162b049ae807
- SHA256
  
  efe289b38f29032f648a26974cca1c68599a7e24f0cb58e62fdc9e79b4d3c3c2
- SHA512
  
  9ea0b587f75bb9b52f2f70ebc781bb23420dbe64541a7bb6544836169771070b76c4cf57cc2fd8bc8e0dd8f7bf44df27535e229fbf7f6441efb5de6ab4531757
- SSDEEP
  
  786432:Qj314x6Lf72SddZU7uKuFOu/fxAvIWXw7GmnuEhI7mNn5QSc:Qjlcuf75ZU6VtfxAvkamnu77mNnU
Score

10^/10

xworm rat trojan
- Detect Xworm Payload
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- Xworm family
  xworm
- Executes dropped EXE
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

© 2018-2025

Terms | Privacy