MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e812988e0e7ba4b119d92d2249e2aab0903864186fc1cac6d14bc1bbf8d410c4. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


XWorm


Vendor detections: 4


Intelligence 4 IOCs YARA 2 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: e812988e0e7ba4b119d92d2249e2aab0903864186fc1cac6d14bc1bbf8d410c4
SHA3-384 hash: 2a6df056feced3cebfce9dde3d65b13d3df349f1950610899373e925895a735df8bf2ce8d8df27da68dbaa3b47550eb8
SHA1 hash: 13ad91c3af140d22e49e2b8900aee17e3f835f3a
MD5 hash: 907ff5bd7eda51bd7f2d2d9c687547a5
humanhash: mirror-low-lamp-blue
File name:xwczh.py
Download: download sample
Signature XWorm
Create hunting rule
File size:1'033'534 bytes
First seen:2025-08-14 09:08:37 UTC
Last seen:Never
File type:
MIME type:text/x-script.python
ssdeep 12288:6WWRslDD+lJ6QYqICOVQWsJR5lTzcAy15/V85J311dOhw5PZ1NCFLxRibeoLPz61:Wh8c1Wsm0lSuHYjKa1
TLSH T15025A7855622E17E5B97CE192F43AEDC2868D9EFC5C9E701F0844A4FE0A873C94E57C2
Magika python
Reporter 0xb0mb3r
Tags:Loader py pyarmor Python xworm

Intelligence

File Origin
# of uploads :
1
# of downloads :
771
Origin country :
CH CH
Vendor Threat Intelligence
Verdict:
Clean
Score:
99.9%
Link:
https://cyber-fortress.com/docs/result/index.php?id=689da7df31e468d93724b816
Tags:
n/a
Verdict:
Unknown
Link:
https://www.hybrid-analysis.com/sample/e812988e0e7ba4b119d92d2249e2aab0903864186fc1cac6d14bc1bbf8d410c4
Score:
36%
Verdict:
Susipicious
File Type:
SCRIPT
Link:
https://malprob.io/report/e812988e0e7ba4b119d92d2249e2aab0903864186fc1cac6d14bc1bbf8d410c4
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/e812988e0e7ba4b119d92d2249e2aab0903864186fc1cac6d14bc1bbf8d410c4/
Verdict:
Susipicious
Link:
https://tip.neiki.dev/file/e812988e0e7ba4b119d92d2249e2aab0903864186fc1cac6d14bc1bbf8d410c4
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=5ajjrdqoposlcgozfuretyvkwcidqzayn7a4vrwrjpa3x6gucdca._file
Result
Malware family:
n/a
Score:
  1/10
Tags:
linux
Link:
https://tria.ge/reports/250814-k4r3asdq7w/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/e812988e0e7ba4b119d92d2249e2aab0903864186fc1cac6d14bc1bbf8d410c4

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:DetectEncryptedVariants
Create hunting rule
Author:Zinyth
Description:Detects 'encrypted' in ASCII, Unicode, base64, or hex-encoded
Rule name:RANSOMWARE
Create hunting rule
Author:ToroGuitar

File information

The table below shows additional information about this malware sample such as delivery method and external references.

AsyncRAT

543b167817b1f76bf7619302fc0118659029423ef4211e9903b73fe1fc8c1bb0

AsyncRAT

Batch (bat) bat c423866ee5ebe47fa4808882d30becc79d2fe167d62a78033951a1953c57dfc5

XWorm

e812988e0e7ba4b119d92d2249e2aab0903864186fc1cac6d14bc1bbf8d410c4

(this sample)

XWorm

Executable exe c5eb62901ad0fb2f14cafe7f6312e1436dd912d56671f6f1f2944da9d1fa599f

  
Dropped by
SHA256 c423866ee5ebe47fa4808882d30becc79d2fe167d62a78033951a1953c57dfc5
  
Delivery method
Other
  
Dropped by
MD5 62e877cc07f9611bb8ef7c9f3127998e
  
Dropping
SHA256 c5eb62901ad0fb2f14cafe7f6312e1436dd912d56671f6f1f2944da9d1fa599f
  
Dropping
MD5 cb276c0d7f7e7681dd222575abb35f90

Comments