xworm | b485b0b51b8307c750b3452a7965e538d9576f76ccab3b6e4a086201e854ef7f | Triage

Submit
Reports

Overview

overview

Static

static

3

Output.exe

windows7-x64

Output.exe

windows10-2004-x64

Sharing

General

Target

Output.exe
Size

2.0MB
Sample

250307-xp3ayavrs7
MD5

cb426d21428bc8468cf85d260f0b35b3
SHA1

1c719bb607925916fc2446002f2c1f8ced2adf3f
SHA256

b485b0b51b8307c750b3452a7965e538d9576f76ccab3b6e4a086201e854ef7f
SHA512

23c2691731665a5d1ebc908a8b52f684c68fe7e9253dbedd59deae683d3ffe0b24db1d2f74a692e957e2b931558a662af38821d9412eb7428dab623fa2e30ac6
SSDEEP

49152:K2ooOms+N4tFHLO9LCiGxyLp9UaqNU3skJVPA78Cj:K0K7LOwifLp9K1sVE8

Score

10^/10

xworm pyinstaller rat trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

Output.exe

Resource

win7-20240903-en

xworm pyinstaller rat trojan

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

Output.exe

Resource

win10v2004-20250217-en

xworm pyinstaller rat trojan

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Extracted

Family

xworm

Version

5.0

Mutex

qxXFT7Xfzgf1uMiL

Attributes

Install_directory
%AppData%
install_file
svchost.exe
pastebin_url
https://pastebin.com/raw/MNJM1De2

aes.plain

Targets

- Target
  
  Output.exe
- Size
  
  2.0MB
- MD5
  
  cb426d21428bc8468cf85d260f0b35b3
- SHA1
  
  1c719bb607925916fc2446002f2c1f8ced2adf3f
- SHA256
  
  b485b0b51b8307c750b3452a7965e538d9576f76ccab3b6e4a086201e854ef7f
- SHA512
  
  23c2691731665a5d1ebc908a8b52f684c68fe7e9253dbedd59deae683d3ffe0b24db1d2f74a692e957e2b931558a662af38821d9412eb7428dab623fa2e30ac6
- SSDEEP
  
  49152:K2ooOms+N4tFHLO9LCiGxyLp9UaqNU3skJVPA78Cj:K0K7LOwifLp9K1sVE8
Score

10^/10

xworm pyinstaller rat trojan
- Detect Xworm Payload
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- Xworm family
  xworm
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xwormpyinstallerrattrojan

behavioral2

xwormpyinstallerrattrojan

© 2018-2025

Terms | Privacy