xworm | ae790bbbadeb38db0e345970612a859e0b9888c976d798105a48a81ced48ff40 | Triage

Submit
Reports

Overview

overview

Static

static

3

Vanta Bundle.rar

windows10-2004-x64

Resubmissions

28/03/2025, 07:19 UTC

250328-h5ykcss1bx 10

28/03/2025, 07:15 UTC

250328-h29hfsvmy4 10

Sharing

General

Target

Vanta Bundle.rar
Size

100KB
Sample

250328-h29hfsvmy4
MD5

b622d4beb1f53e776cbe210b5c0bd3af
SHA1

c7a09721ad876715a9c419db5da263fe3dc1d905
SHA256

ae790bbbadeb38db0e345970612a859e0b9888c976d798105a48a81ced48ff40
SHA512

460ee20a7e044e7351bcb6534823ea28f30de20e71192571ef351b72e559719efd2ffc70f176fe39cc8c03c4c9e52f5ee26aa3897f76cca403a0eb0b6d45cd86
SSDEEP

1536:e19R7X+Z3yNPvbCrWNHdUUYtboOeJSpL0VblnPwVa/YgL1m2msA+N40rEVc:eByZcDCWY1NoOlpgVdwMnL1ZmN+N4wEe

Score

10^/10

xworm rat trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

Vanta Bundle.rar

Resource

win10v2004-20250313-en

xworm rat trojan

windows10-2004-x64

13 signatures

900 seconds

Malware Config

Extracted

Family

xworm

C2

documents-johnny.gl.at.ply.gg:63203:63203

documents-johnny.gl.at.ply.gg:63203

Attributes

Install_directory
%AppData%
install_file
XClient.exe

Targets

- Target
  
  Vanta Bundle.rar
- Size
  
  100KB
- MD5
  
  b622d4beb1f53e776cbe210b5c0bd3af
- SHA1
  
  c7a09721ad876715a9c419db5da263fe3dc1d905
- SHA256
  
  ae790bbbadeb38db0e345970612a859e0b9888c976d798105a48a81ced48ff40
- SHA512
  
  460ee20a7e044e7351bcb6534823ea28f30de20e71192571ef351b72e559719efd2ffc70f176fe39cc8c03c4c9e52f5ee26aa3897f76cca403a0eb0b6d45cd86
- SSDEEP
  
  1536:e19R7X+Z3yNPvbCrWNHdUUYtboOeJSpL0VblnPwVa/YgL1m2msA+N40rEVc:eByZcDCWY1NoOlpgVdwMnL1ZmN+N4wEe
Score

10^/10

xworm rat trojan
- Detect Xworm Payload
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- Xworm family
  xworm
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

© 2018-2025

Terms | Privacy

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.