xworm | 153d02c6e6df5dfa39291f0d1ff049f6ff523c4f1328dc1663ff5eefbddf69cb | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

rsht5tnjrym.exe

windows10-2004-x64

Sharing

General

Target

rsht5tnjrym.exe
Size

55KB
Sample

240224-1fnmzafb22
MD5

0fa53d14194aef9688ed160ed379af46
SHA1

9b8106d23cb02e8e0592bbe16b26583552509c9d
SHA256

153d02c6e6df5dfa39291f0d1ff049f6ff523c4f1328dc1663ff5eefbddf69cb
SHA512

575767a2edb1d709b544b46ada6bde1d27b433c1eca921c59ccfdf4598b4124e2eac50b39b5359c7ca075d7d2cd505573d8ed18c5641f3756b1405f52a068e5b
SSDEEP

1536:QT/JFTbei0RcAIEKZkbpd5dqdy961SOOgSVKXgNl:erARcADKZkbL5rqOgSKgN

Score

10^/10

xworm rat trojan

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

rsht5tnjrym.exe

Resource

win10v2004-20240221-en

xworm rat trojan

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Extracted

Family

xworm

C2

funut-24924.portmap.io:19312

Attributes

Install_directory
%AppData%
install_file
XClient.exe

Targets

- Target
  
  rsht5tnjrym.exe
- Size
  
  55KB
- MD5
  
  0fa53d14194aef9688ed160ed379af46
- SHA1
  
  9b8106d23cb02e8e0592bbe16b26583552509c9d
- SHA256
  
  153d02c6e6df5dfa39291f0d1ff049f6ff523c4f1328dc1663ff5eefbddf69cb
- SHA512
  
  575767a2edb1d709b544b46ada6bde1d27b433c1eca921c59ccfdf4598b4124e2eac50b39b5359c7ca075d7d2cd505573d8ed18c5641f3756b1405f52a068e5b
- SSDEEP
  
  1536:QT/JFTbei0RcAIEKZkbpd5dqdy961SOOgSVKXgNl:erARcADKZkbL5rqOgSKgN
Score

10^/10

xworm rat trojan
- Detect Xworm Payload
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

© 2018-2025

Terms | Privacy