xworm | 16be0732b35514ee74525d0e8ad0fe9060b821d3fa5b4187ee923b044c92e16c | Triage

Submit
Reports

Overview

overview

Static

static

3

megre.exe

windows7-x64

8

megre.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

megre.exe
Size

10.5MB
Sample

240628-j64nfazbjh
MD5

31cd692bc7c6b9d7084f791b6baa0050
SHA1

2c1f0dbc56d32760fdb1576eccd04360efeb66aa
SHA256

16be0732b35514ee74525d0e8ad0fe9060b821d3fa5b4187ee923b044c92e16c
SHA512

5b313ee054b1340dcae39a9ff070d32d67119020c7c348cf02bd137268ad9e2a26e46e61c0ffe206d7e5b28b4dc7eba2e106750fb682f54d54ddd1bd29bf0f25
SSDEEP

196608:pOQiDnLZQi21bRqt9Vs9sMm2agR2wCg6N6FYx1jg+elKIK0G8V1fW:pkDLvgbRWs93dW9AFYH8kd0GeW

Score

10^/10

xworm execution rat trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

megre.exe

Resource

win7-20231129-en

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

megre.exe

Resource

win10v2004-20240508-en

xworm execution rat trojan

windows10-2004-x64

17 signatures

150 seconds

Malware Config

Extracted

Family

xworm

Version

5.0

C2

ad-str.gl.at.ply.gg:29643

amount-socket.gl.at.ply.gg:29643

Mutex

eoiWTCpbKmFTArdj

Attributes

install_file
USB.exe

aes.plain

Targets

- Target
  
  megre.exe
- Size
  
  10.5MB
- MD5
  
  31cd692bc7c6b9d7084f791b6baa0050
- SHA1
  
  2c1f0dbc56d32760fdb1576eccd04360efeb66aa
- SHA256
  
  16be0732b35514ee74525d0e8ad0fe9060b821d3fa5b4187ee923b044c92e16c
- SHA512
  
  5b313ee054b1340dcae39a9ff070d32d67119020c7c348cf02bd137268ad9e2a26e46e61c0ffe206d7e5b28b4dc7eba2e106750fb682f54d54ddd1bd29bf0f25
- SSDEEP
  
  196608:pOQiDnLZQi21bRqt9Vs9sMm2agR2wCg6N6FYx1jg+elKIK0G8V1fW:pkDLvgbRWs93dW9AFYH8kd0GeW
Score

10^/10

execution xworm rat trojan
- Detect Xworm Payload
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

xwormexecutionrattrojan

© 2018-2025

Terms | Privacy