xworm | a02f4d66be93cac92899b5c049d2eb5758bcd928908123e344806b7568faeded | Triage

Submit
Reports

Overview

overview

Static

static

Nurik 1.12....5.rar

windows11-21h2-x64

Sharing

General

Target

Nurik 1.12.2-1.16.5.rar
Size

9.7MB
Sample

250306-r3lbpaz1fs
MD5

9c24f5afafb5485602bb389ac6b92867
SHA1

d129eec0347c9ed7136508fa9c53d52d7be32fe4
SHA256

a02f4d66be93cac92899b5c049d2eb5758bcd928908123e344806b7568faeded
SHA512

87af3614369e0258e500596ff872a09395085bae4de1d34a3ad134f98ae563e29fb435e375d25eaa046df22fe740154e19b3084bd57473b36c80ab7d20ca5af3
SSDEEP

196608:zufLYMePTVw+Qo3dnhQAiJBcH7Y3r7ufvnQwAWRjt0P7s9vMu70klu/o:zuTr6p1hQD3cH23SnQwFRjtiWvMfro

Score

10^/10

xworm rat trojan

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

Nurik 1.12.2-1.16.5.rar

Resource

win11-20250217-en

xworm rat trojan

windows11-21h2-x64

12 signatures

150 seconds

Malware Config

Extracted

Family

xworm

Version

5.0

C2

Idlerkik-51025.portmap.host:51025

Mutex

rSFFOfqaVoKkdUae

Attributes

Install_directory
%AppData%
install_file
svhost.exe

aes.plain

Targets

- Target
  
  Nurik 1.12.2-1.16.5.rar
- Size
  
  9.7MB
- MD5
  
  9c24f5afafb5485602bb389ac6b92867
- SHA1
  
  d129eec0347c9ed7136508fa9c53d52d7be32fe4
- SHA256
  
  a02f4d66be93cac92899b5c049d2eb5758bcd928908123e344806b7568faeded
- SHA512
  
  87af3614369e0258e500596ff872a09395085bae4de1d34a3ad134f98ae563e29fb435e375d25eaa046df22fe740154e19b3084bd57473b36c80ab7d20ca5af3
- SSDEEP
  
  196608:zufLYMePTVw+Qo3dnhQAiJBcH7Y3r7ufvnQwAWRjt0P7s9vMu70klu/o:zuTr6p1hQD3cH23SnQwFRjtiWvMfro
Score

10^/10

xworm rat trojan
- Detect Xworm Payload
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- Xworm family
  xworm
- Executes dropped EXE
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

© 2018-2025

Terms | Privacy