xworm | f0e916dd6769b273107a1b0ae92099825116083fe3a3e502e5582fac159046a3 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

nursultan ...gx.exe

windows11-21h2-x64

Sharing

General

Target

nursultan by batchgx.exe
Size

31KB
Sample

240928-y8f3gsxhkc
MD5

e769f83e9296311f3a8499b34819afc3
SHA1

d70fddf8da48795ad84aa4fa75d681a1e2b06b9f
SHA256

f0e916dd6769b273107a1b0ae92099825116083fe3a3e502e5582fac159046a3
SHA512

c4749b93e9b8cff355f3fb79b2855c0558734887c606f8b4ac07b58d590323896d5e97c9e6aea58b7fe6d7f3ea375a6f9ec214fd25a646504693e62aada943ec
SSDEEP

384:RWrVqCDweO/ace/VgFpLJPgwDs2ETIiJ5R+gtFqBLTiZw/WNCvK9IkVuwxOjhf/:ZzT55ePJ5ZFr9RdOjhf/3vY

Score

10^/10

xworm persistence rat trojan

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

nursultan by batchgx.exe

Resource

win11-20240802-en

xworm persistence rat trojan

windows11-21h2-x64

20 signatures

1800 seconds

Malware Config

Extracted

Family

xworm

Version

3.1

C2

budget-compiled.gl.at.ply.gg:61672

Mutex

clIqiypuJSXeSvTO

Attributes

Install_directory
%AppData%
install_file
USB.exe

aes.plain

Targets

- Target
  
  nursultan by batchgx.exe
- Size
  
  31KB
- MD5
  
  e769f83e9296311f3a8499b34819afc3
- SHA1
  
  d70fddf8da48795ad84aa4fa75d681a1e2b06b9f
- SHA256
  
  f0e916dd6769b273107a1b0ae92099825116083fe3a3e502e5582fac159046a3
- SHA512
  
  c4749b93e9b8cff355f3fb79b2855c0558734887c606f8b4ac07b58d590323896d5e97c9e6aea58b7fe6d7f3ea375a6f9ec214fd25a646504693e62aada943ec
- SSDEEP
  
  384:RWrVqCDweO/ace/VgFpLJPgwDs2ETIiJ5R+gtFqBLTiZw/WNCvK9IkVuwxOjhf/:ZzT55ePJ5ZFr9RdOjhf/3vY
Score

10^/10

xworm persistence rat trojan
- Detect Xworm Payload
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
  persistence
- Drops startup file
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Active Setup

Privilege Escalation

Boot or Logon Autostart Execution

Active Setup

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xwormpersistencerattrojan

© 2018-2025

Terms | Privacy