xworm | 884df6eceba6d2ce19b3994945d37fd2487a012c64345939d9398f6001bf4e51 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

3

884df6eceb...51.exe

windows7-x64

884df6eceb...51.exe

windows10-2004-x64

Sharing

General

Target

884df6eceba6d2ce19b3994945d37fd2487a012c64345939d9398f6001bf4e51
Size

2.2MB
Sample

240609-ell6faeb42
MD5

d46c0c68803203f7db45a78a0e02225f
SHA1

9d198155dd59799ffd16397243b5047d7208800a
SHA256

884df6eceba6d2ce19b3994945d37fd2487a012c64345939d9398f6001bf4e51
SHA512

3811e601f7dab65bbd8c4b63cb91355b5da16de4528f8f14a941aa73f7bd973876dfd7aab5606d27bfcb9c0e7584317d8337151500d777e4fe455df090e56085
SSDEEP

12288:tOnWCm5n3D7ofordCP4MmT9cFTf7GvgV1JQ5mc7h9bSe/zMn:

Score

10^/10

xworm rat trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

884df6eceba6d2ce19b3994945d37fd2487a012c64345939d9398f6001bf4e51.exe

Resource

win7-20240508-en

xworm rat trojan

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

884df6eceba6d2ce19b3994945d37fd2487a012c64345939d9398f6001bf4e51.exe

Resource

win10v2004-20240508-en

xworm rat trojan

windows10-2004-x64

6 signatures

150 seconds

Malware Config

Extracted

Family

xworm

Version

3.1

C2

adult-purchased.gl.at.ply.gg:13795

Mutex

SDsGs8jdu1MveW6y

Attributes

install_file
USB.exe

aes.plain

1
pAeqZZ8qHPNtIZoJXneNBQ==

Targets

- Target
  
  884df6eceba6d2ce19b3994945d37fd2487a012c64345939d9398f6001bf4e51
- Size
  
  2.2MB
- MD5
  
  d46c0c68803203f7db45a78a0e02225f
- SHA1
  
  9d198155dd59799ffd16397243b5047d7208800a
- SHA256
  
  884df6eceba6d2ce19b3994945d37fd2487a012c64345939d9398f6001bf4e51
- SHA512
  
  3811e601f7dab65bbd8c4b63cb91355b5da16de4528f8f14a941aa73f7bd973876dfd7aab5606d27bfcb9c0e7584317d8337151500d777e4fe455df090e56085
- SSDEEP
  
  12288:tOnWCm5n3D7ofordCP4MmT9cFTf7GvgV1JQ5mc7h9bSe/zMn:
Score

10^/10

xworm rat trojan
- Detect Xworm Payload
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- Detects Windows exceutables bypassing UAC using CMSTP utility, command line and INF
- Detects Windows executables referencing non-Windows User-Agents
- Detects executables (downlaoders) containing URLs to raw contents of a paste
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

© 2018-2025

Terms | Privacy

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.