xworm | 5066005caba8dc57486c82bf82f452ed41b11c19fb16c9e0e8f64c4a19f577f6 | Triage

Submit
Reports

Overview

overview

Static

static

yewowrkqw.exe

windows11-21h2-x64

Sharing

General

Target

yewowrkqw.exe
Size

44KB
Sample

250406-p4s2ta1nv6
MD5

17b7f69c106ac1286a2f6ec3655668f8
SHA1

91c951e29adbfad36b9c596b2591bae6e2cb05a5
SHA256

5066005caba8dc57486c82bf82f452ed41b11c19fb16c9e0e8f64c4a19f577f6
SHA512

52dd8d6a679d80cbd2bc57ae31528c00d3ab5037c33c19506098658cb4e7ade77790ac1e63bc3f7b6dc1748205257aaf7f3463bba12f3ef87f9e79449c80462f
SSDEEP

768:pO36H7BEIliviyzwmLP8SBVKSbFEPa9b9Bq6tOFhazbKSg:ptBE9cm1BVrFd9pBq6tOFcXg

Score

10^/10

xworm rat trojan

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

yewowrkqw.exe

Resource

win11-20250313-en

xworm rat trojan

windows11-21h2-x64

5 signatures

150 seconds

Malware Config

Extracted

Family

xworm

Version

5.0

C2

Javv-46764.portmap.host:46764:2443

Mutex

czmCI6dS2JGO2CQ7

Attributes

Install_directory
%AppData%
install_file
USB.exe

aes.plain

Targets

- Target
  
  yewowrkqw.exe
- Size
  
  44KB
- MD5
  
  17b7f69c106ac1286a2f6ec3655668f8
- SHA1
  
  91c951e29adbfad36b9c596b2591bae6e2cb05a5
- SHA256
  
  5066005caba8dc57486c82bf82f452ed41b11c19fb16c9e0e8f64c4a19f577f6
- SHA512
  
  52dd8d6a679d80cbd2bc57ae31528c00d3ab5037c33c19506098658cb4e7ade77790ac1e63bc3f7b6dc1748205257aaf7f3463bba12f3ef87f9e79449c80462f
- SSDEEP
  
  768:pO36H7BEIliviyzwmLP8SBVKSbFEPa9b9Bq6tOFhazbKSg:ptBE9cm1BVrFd9pBq6tOFcXg
Score

10^/10

xworm rat trojan
- Detect Xworm Payload
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- Xworm family
  xworm
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

© 2018-2025

Terms | Privacy