xworm | e88f233b6925f8bf72e0b89baaa1fc52d5c7fdc52f8018de86af8cb0e902709b | Triage

Submit
Reports

Overview

overview

Static

static

3

7524d560b6...1f.exe

windows7-x64

7524d560b6...1f.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

7524d560b667b8ed62f16bc59772d81f.exe
Size

7.1MB
Sample

240708-nat7caycme
MD5

7524d560b667b8ed62f16bc59772d81f
SHA1

ac9fae264147b07d6306784d6738e768e89ec389
SHA256

e88f233b6925f8bf72e0b89baaa1fc52d5c7fdc52f8018de86af8cb0e902709b
SHA512

c9201812e59c2411d83c254cae87d4f157747a6cf1a5080fa7c27d9f4276bec00ff671840ddf75cfec2bda1692c7593d4604f55c31eb6643d0362d6898294693
SSDEEP

98304:tPx1VR1MSpVQJu7ikcXqhKRgGJC1LIrip+M38GEcfNv3SsnFx3ai3i/bgkqf1nnH:dxHR1likZGgv1LH6cBSeqi3idqfVnPLD

Score

10^/10

xworm rat trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

7524d560b667b8ed62f16bc59772d81f.exe

Resource

win7-20240704-en

xworm rat trojan

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

7524d560b667b8ed62f16bc59772d81f.exe

Resource

win10v2004-20240704-en

xworm rat trojan

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

xworm

Version

5.0

C2

85.209.133.150:6677

Mutex

4HH9iRMijGaRYlkt

Attributes

install_file
USB.exe

aes.plain

Targets

- Target
  
  7524d560b667b8ed62f16bc59772d81f.exe
- Size
  
  7.1MB
- MD5
  
  7524d560b667b8ed62f16bc59772d81f
- SHA1
  
  ac9fae264147b07d6306784d6738e768e89ec389
- SHA256
  
  e88f233b6925f8bf72e0b89baaa1fc52d5c7fdc52f8018de86af8cb0e902709b
- SHA512
  
  c9201812e59c2411d83c254cae87d4f157747a6cf1a5080fa7c27d9f4276bec00ff671840ddf75cfec2bda1692c7593d4604f55c31eb6643d0362d6898294693
- SSDEEP
  
  98304:tPx1VR1MSpVQJu7ikcXqhKRgGJC1LIrip+M38GEcfNv3SsnFx3ai3i/bgkqf1nnH:dxHR1likZGgv1LH6cBSeqi3idqfVnPLD
Score

10^/10

xworm rat trojan
- Contains code to disable Windows Defender
  A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.
- Detect Xworm Payload
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2025

Terms | Privacy