xworm | 3222a4d6c5d76cd1f41332cf9804ab2ba4c8ae24205e1a724a56d24501409cd0 | Triage

Submit
Reports

Overview

overview

Static

static

WobblyLife.exe

windows11-21h2-x64

Sharing

General

Target

WobblyLife.exe
Size

44KB
Sample

250330-zt9a6aw1dv
MD5

4ee1c154fbae8e8f36662009a6a408e8
SHA1

bf769f24197e950c7ec9b4d1167ef2d87ff6e08a
SHA256

3222a4d6c5d76cd1f41332cf9804ab2ba4c8ae24205e1a724a56d24501409cd0
SHA512

61be6e5e179702206375574ba53d856bc6262c340339e84d9a1810dc7c832bc2a0aaf08cb0391e9ac2946ace9c6df0deac5e04f9ed0a292d1d748b279c5e5581
SSDEEP

768:/O36H7BEIliviyzwmLI8SBVKSbFEPa9b976tOFhOzbKSx:/tBE9cmOBVrFd9p76tOFQXx

Score

10^/10

xworm rat trojan

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

WobblyLife.exe

Resource

win11-20250313-en

xworm rat trojan

windows11-21h2-x64

5 signatures

150 seconds

Malware Config

Extracted

Family

xworm

Version

5.0

C2

Javv-46764.portmap.host:46764

Mutex

l5kkGhZ0p1VdMVCI

Attributes

Install_directory
%AppData%
install_file
USB.exe

aes.plain

Targets

- Target
  
  WobblyLife.exe
- Size
  
  44KB
- MD5
  
  4ee1c154fbae8e8f36662009a6a408e8
- SHA1
  
  bf769f24197e950c7ec9b4d1167ef2d87ff6e08a
- SHA256
  
  3222a4d6c5d76cd1f41332cf9804ab2ba4c8ae24205e1a724a56d24501409cd0
- SHA512
  
  61be6e5e179702206375574ba53d856bc6262c340339e84d9a1810dc7c832bc2a0aaf08cb0391e9ac2946ace9c6df0deac5e04f9ed0a292d1d748b279c5e5581
- SSDEEP
  
  768:/O36H7BEIliviyzwmLI8SBVKSbFEPa9b976tOFhOzbKSx:/tBE9cmOBVrFd9p76tOFQXx
Score

10^/10

xworm rat trojan
- Detect Xworm Payload
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- Xworm family
  xworm
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

© 2018-2025

Terms | Privacy