xworm | 2c9e685a4794cd19497c3d1fd8eb7b7f6954aed7b6d707fe3ec73ca243c842d8 | Triage

Submit
Reports

Overview

overview

Static

static

3

2c9e685a47...d8.exe

windows7-x64

2c9e685a47...d8.exe

windows10-2004-x64

Sharing

General

Target

2c9e685a4794cd19497c3d1fd8eb7b7f6954aed7b6d707fe3ec73ca243c842d8
Size

609KB
Sample

250308-lej6tsvms8
MD5

057d1b4db652dce1eb4523352247706a
SHA1

148b7fb8db688e258bf9f44bbe5e9d3ed08f7402
SHA256

2c9e685a4794cd19497c3d1fd8eb7b7f6954aed7b6d707fe3ec73ca243c842d8
SHA512

e2ecdc34cf60eb406122348ecfa4e2eee5e3bd068f94b7d40a6d2e06debe66dd04f7df2b630324d982b40ce065f399f77982369d131403480aae19b01452a731
SSDEEP

12288:TITw2OrZu5MDbsJlgK5dZ4UjYCUbTgjwGEJRjN:cTZOlCMPsJGtCUb88Gm

Score

10^/10

xworm rat trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

2c9e685a4794cd19497c3d1fd8eb7b7f6954aed7b6d707fe3ec73ca243c842d8.exe

Resource

win7-20240903-en

xworm rat trojan

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

2c9e685a4794cd19497c3d1fd8eb7b7f6954aed7b6d707fe3ec73ca243c842d8.exe

Resource

win10v2004-20250217-en

xworm rat trojan

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Extracted

Family

xworm

C2

147.185.221.24:24206

Attributes

install_file
USB.exe

Targets

- Target
  
  2c9e685a4794cd19497c3d1fd8eb7b7f6954aed7b6d707fe3ec73ca243c842d8
- Size
  
  609KB
- MD5
  
  057d1b4db652dce1eb4523352247706a
- SHA1
  
  148b7fb8db688e258bf9f44bbe5e9d3ed08f7402
- SHA256
  
  2c9e685a4794cd19497c3d1fd8eb7b7f6954aed7b6d707fe3ec73ca243c842d8
- SHA512
  
  e2ecdc34cf60eb406122348ecfa4e2eee5e3bd068f94b7d40a6d2e06debe66dd04f7df2b630324d982b40ce065f399f77982369d131403480aae19b01452a731
- SSDEEP
  
  12288:TITw2OrZu5MDbsJlgK5dZ4UjYCUbTgjwGEJRjN:cTZOlCMPsJGtCUb88Gm
Score

10^/10

xworm rat trojan
- Detect Xworm Payload
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- Xworm family
  xworm
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2025

Terms | Privacy