MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a3a03c8880ad5863064069cfa5ee78a14a410fca379bb1e5d0f16fcbb9874517. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

XWorm
Vendor detections: 8



SHA256 hash: a3a03c8880ad5863064069cfa5ee78a14a410fca379bb1e5d0f16fcbb9874517
SHA3-384 hash: 78b805eccda9a9936bb924cfd8f4054ed6bd342e02d5516c6a5fad14d6367b434d0b066787259bc2969088351fd3cda3
SHA1 hash: 018d96a57d84980076db463291811a14698da992
MD5 hash: 8bb57e630f6fa5a6b8e20f2bb554b156
humanhash: october-king-early-utah
File name: comprovativo de pagamento.7z
Signature: XWorm
File size: 2'750 bytes
First seen: 2026-02-28 08:17:01 UTC
Last seen: Never
File type: 7z
MIME type: application/x-7z-compressed
ssdeep: 48:j41JYiu1N5pLbbsyatwQO2qYwZ/nP4cxHGCOL1GwDBIlN:Uu1NnbTuyvpxoG+BE
TLSH: T1C5515B6ED6AAEB084D3789391326F60841C78BC2EC2E660385A178B33E3E47E5091817
Magika: sevenzip
Reporter: JAMESWT_WT
Tags: 7z jerrymac2008-duckdns-org Spam-ITA xworm

Intelligence

File Origin
# of uploads: 1
# of downloads: 61
Origin country: IT
File Archive Information

This file archive contains 1 file(s), sorted by their relevance:

File name: comprovativo de pagamento.js
File size: 1'127'261 bytes
SHA256 hash: 7706af0288e1f625d7f60916d15a0786503ad8b00db1de03590401336cb2786d
MD5 hash: d0115a3a2774600920ee3b12a485e48e
MIME type: text/plain
Signature: XWorm
Vendor Threat Intelligence

No detections

Verdict: Malicious
Score: 90.9%
Tags: malware

Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: remcos repaired

Verdict: inconclusive
YARA: 3 match(es)
Tags: 7z Archive SFX 7z

Threat name: Win32.Trojan.Suschil
Status: Malicious
First seen: 2026-02-27 16:08:04 UTC
File Type: Binary (Archive)
Extracted files: 1
AV detection: 9 of 24 (37.50%)
Threat level: 5/5

Result
Malware family:
Score: 10/10
Tags: family:xworm discovery execution persistence rat trojan

Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Command and Scripting Interpreter: JavaScript
Enumerates physical storage devices
System Location Discovery: System Language Discovery
Suspicious use of SetThreadContext
Adds Run key to start application
Drops startup file
Badlisted process makes network request
Command and Scripting Interpreter: PowerShell
Detect Xworm Payload
Process spawned unexpected child process
Xworm
Xworm family

Malware Config
C2 Extraction: jerrymac2008.duckdns.org:4078
Dropper Extraction: https://bafybeihmvo5nbtacxb7bx6bzla7adpg7ldm2ud3fqbom6724ajlki42urq.ipfs.dweb.link?filename=22222optimized_MSI.png
Please note that we are no longer able to provide a coverage score for Virus Total.
