xworm | c311cf252c921f62bdb62ec764fe72e9bb58e6d73d32de213ba78943a76ab9b7 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

ba93f77d1a...0N.exe

windows7-x64

ba93f77d1a...0N.exe

windows10-2004-x64

Sharing

General

Target

ba93f77d1a5ea6e0167b22431de94d20N.exe
Size

189KB
Sample

240915-a7yddawhnf
MD5

ba93f77d1a5ea6e0167b22431de94d20
SHA1

1295d9118cf67f4e068319d72138a80494630b02
SHA256

c311cf252c921f62bdb62ec764fe72e9bb58e6d73d32de213ba78943a76ab9b7
SHA512

8e4068f8f3f37684eea71e65b319841bb49c9067bca21efb3e5e61219dbce7d0660fe5ec88585d9a521cfafb2f5d88f6eb09643ed26eb4b9c040fbe119090340
SSDEEP

3072:KBf5OYpgK2+49WqfOIbA099oey1r45340VJ96dLtMW1d73bR7SgOBzvVg6UU62:afjpgFP9W+bAWoesrU40p61tL73blqKK

Score

10^/10

xworm discovery rat trojan

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

ba93f77d1a5ea6e0167b22431de94d20N.exe

Resource

win7-20240708-en

xworm discovery rat trojan

windows7-x64

8 signatures

120 seconds

Behavioral task

behavioral2

Sample

ba93f77d1a5ea6e0167b22431de94d20N.exe

Resource

win10v2004-20240802-en

xworm discovery rat trojan

windows10-2004-x64

8 signatures

120 seconds

Malware Config

Targets

- Target
  
  ba93f77d1a5ea6e0167b22431de94d20N.exe
- Size
  
  189KB
- MD5
  
  ba93f77d1a5ea6e0167b22431de94d20
- SHA1
  
  1295d9118cf67f4e068319d72138a80494630b02
- SHA256
  
  c311cf252c921f62bdb62ec764fe72e9bb58e6d73d32de213ba78943a76ab9b7
- SHA512
  
  8e4068f8f3f37684eea71e65b319841bb49c9067bca21efb3e5e61219dbce7d0660fe5ec88585d9a521cfafb2f5d88f6eb09643ed26eb4b9c040fbe119090340
- SSDEEP
  
  3072:KBf5OYpgK2+49WqfOIbA099oey1r45340VJ96dLtMW1d73bR7SgOBzvVg6UU62:afjpgFP9W+bAWoesrU40p61tL73blqKK
Score

10^/10

xworm discovery rat trojan
- Detect Xworm Payload
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xwormdiscoveryrattrojan

behavioral2

xwormdiscoveryrattrojan

© 2018-2025

Terms | Privacy