xworm | 1a158ec89f3a579cb370fce8c79de20c4943b84d584ff2f63d476209f3c29873 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

1

Free.bat

windows10-2004-x64

Sharing

General

Target

Free.bat
Size

190KB
Sample

240704-xmhhratdkp
MD5

6a1fd175668c34faf07a9f82dcd61884
SHA1

b2232ad243c3596bc29716d085a6bc8ba328e12c
SHA256

1a158ec89f3a579cb370fce8c79de20c4943b84d584ff2f63d476209f3c29873
SHA512

e66d20eb6d80fea715096c073ff41ece7ca243ccc4dd5ccf216261c64147660bcfa780d044f4d9cdcb212ca65c2b4309ab07253cbbbcf8ef90706b03a729a2c3
SSDEEP

3072:f4UH4Z5TsZPHVN70jXQw0o26RdIrQGgjStDcejhbXvqR61dqWsjocgcsR3gTEcat:fDtVN70cwV2MIlrtD9bXCWqWgocIwbx4

Score

10^/10

xworm execution rat trojan

Static task

static1

Behavioral task

behavioral1

Sample

Free.bat

Resource

win10v2004-20240508-en

xworm execution rat trojan

windows10-2004-x64

17 signatures

150 seconds

Malware Config

Extracted

Family

xworm

C2

executive-factory.gl.at.ply.gg:58101

Attributes

install_file
USB.exe

Targets

- Target
  
  Free.bat
- Size
  
  190KB
- MD5
  
  6a1fd175668c34faf07a9f82dcd61884
- SHA1
  
  b2232ad243c3596bc29716d085a6bc8ba328e12c
- SHA256
  
  1a158ec89f3a579cb370fce8c79de20c4943b84d584ff2f63d476209f3c29873
- SHA512
  
  e66d20eb6d80fea715096c073ff41ece7ca243ccc4dd5ccf216261c64147660bcfa780d044f4d9cdcb212ca65c2b4309ab07253cbbbcf8ef90706b03a729a2c3
- SSDEEP
  
  3072:f4UH4Z5TsZPHVN70jXQw0o26RdIrQGgjStDcejhbXvqR61dqWsjocgcsR3gTEcat:fDtVN70cwV2MIlrtD9bXCWqWgocIwbx4
Score

10^/10

xworm execution rat trojan
- Detect Xworm Payload
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xwormexecutionrattrojan

© 2018-2025

Terms | Privacy

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.