xworm | fb6a40f06d1fd02e4425b4a965d5a0da959997faca162e5bc4c62002c7d3977e | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

1

sddp-17.2.3-setup.exe

windows10-1703-x64

Sharing

General

Target

sddp-17.2.3-setup.exe
Size

155.0MB
Sample

230421-t6gh1sgh29
MD5

cd8dfaef662e9516e39cad0c0500ce02
SHA1

23a7ae69bb06948b906ce225f6af51306696432d
SHA256

fb6a40f06d1fd02e4425b4a965d5a0da959997faca162e5bc4c62002c7d3977e
SHA512

dc641ea5214b5dd31cb7230bdac3a22294ad25873ffbf33b7ac5a2ef6d656e7ecf45082126c9176e68abaebc2e113c6fd1b4ebe78565671256a979a75d5d8f64
SSDEEP

3145728:zJSY+WE3GC9VfddaufCM2mwztxcOPfXKgo++SzRR8Op/K9oJWT5E+N:zJSBlVr42ChmItxtfXKgr+SlR8Op/6TN

Score

10^/10

xworm discovery evasion rat trojan

Static task

static1

Behavioral task

behavioral1

Sample

sddp-17.2.3-setup.exe

Resource

win10-20230220-en

xworm discovery evasion rat trojan

windows10-1703-x64

14 signatures

300 seconds

Malware Config

Targets

- Target
  
  sddp-17.2.3-setup.exe
- Size
  
  155.0MB
- MD5
  
  cd8dfaef662e9516e39cad0c0500ce02
- SHA1
  
  23a7ae69bb06948b906ce225f6af51306696432d
- SHA256
  
  fb6a40f06d1fd02e4425b4a965d5a0da959997faca162e5bc4c62002c7d3977e
- SHA512
  
  dc641ea5214b5dd31cb7230bdac3a22294ad25873ffbf33b7ac5a2ef6d656e7ecf45082126c9176e68abaebc2e113c6fd1b4ebe78565671256a979a75d5d8f64
- SSDEEP
  
  3145728:zJSY+WE3GC9VfddaufCM2mwztxcOPfXKgo++SzRR8Op/K9oJWT5E+N:zJSBlVr42ChmItxtfXKgr+SlR8Op/6TN
Score

10^/10

xworm discovery evasion rat trojan
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- Grants admin privileges
  Uses net.exe to modify the user's privileges.
- Modifies Windows Firewall
  evasion
- Executes dropped EXE
- Loads dropped DLL
- Modifies file permissions
  discovery
- Drops file in System32 directory
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Account Manipulation

Modify Existing Service

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

Modify Registry

Credential Access

Account Manipulation

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xwormdiscoveryevasionrattrojan

© 2018-2025

Terms | Privacy