xworm | f0a686f2fa59128abb1a1864a35ca6eddb07e907f342e7e242cdd97be8ab9d1a | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

1

ModifiedIn...pt.ps1

windows10-2004-x64

Sharing

General

Target

ModifiedInjectedScript.ps1
Size

245KB
Sample

240908-wy2kbszfmq
MD5

fbd0c3840741789fbd9134bc238ef0bf
SHA1

484099f778d8e06fc7c85dd07722ce6a66e5263c
SHA256

f0a686f2fa59128abb1a1864a35ca6eddb07e907f342e7e242cdd97be8ab9d1a
SHA512

b521579d79ca422fb001ec5bf659fd46db100513c6f01a13eb0dba972f2abe737772e2934805920e56aa2f9bbc1efedbcd3e9da160c869cc97f63b46a2a32429
SSDEEP

1536:CBLDlZMXoSumX+Kh2g5Im01XS76UgWYtvEdoSmNHfmZ26zgEPGtkkhZlNkTD5lUc:CNxvXQP2l80c6MJZs5clpY9GmOPdJ

Score

10^/10

xworm execution rat trojan

Static task

static1

Behavioral task

behavioral1

Sample

ModifiedInjectedScript.ps1

Resource

win10v2004-20240802-en

xworm execution rat trojan

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Extracted

Family

xworm

C2

super-nearest.gl.at.ply.gg:17835

Attributes

install_file
USB.exe

Targets

- Target
  
  ModifiedInjectedScript.ps1
- Size
  
  245KB
- MD5
  
  fbd0c3840741789fbd9134bc238ef0bf
- SHA1
  
  484099f778d8e06fc7c85dd07722ce6a66e5263c
- SHA256
  
  f0a686f2fa59128abb1a1864a35ca6eddb07e907f342e7e242cdd97be8ab9d1a
- SHA512
  
  b521579d79ca422fb001ec5bf659fd46db100513c6f01a13eb0dba972f2abe737772e2934805920e56aa2f9bbc1efedbcd3e9da160c869cc97f63b46a2a32429
- SSDEEP
  
  1536:CBLDlZMXoSumX+Kh2g5Im01XS76UgWYtvEdoSmNHfmZ26zgEPGtkkhZlNkTD5lUc:CNxvXQP2l80c6MJZs5clpY9GmOPdJ
Score

10^/10

xworm execution rat trojan
- Detect Xworm Payload
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- Command and Scripting Interpreter: PowerShell
  Using powershell.exe command.
  execution
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xwormexecutionrattrojan

© 2018-2025

Terms | Privacy