xworm | 21e2e1a1ad225e01e997a3cca99b8d4313ae3b73263adbc9b416193c94a2153a | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

WizClient.exe

windows10-2004-x64

Sharing

General

Target

WizClient.exe
Size

83KB
Sample

241009-ea5teawele
MD5

2c383a77bce8c6283ef976b2a677f0f4
SHA1

5b086390d1add27d44f4a3859b4daaa74af65868
SHA256

21e2e1a1ad225e01e997a3cca99b8d4313ae3b73263adbc9b416193c94a2153a
SHA512

87624bec9d2db6bdf8d876e3d238f8fdb8c707b658b51b3b5877435c632809f8fbf6da0f03dc025031a112308d2a990c7c76f458bdbbfb32949423f25bbf6e16
SSDEEP

1536:X0ixKm49LXmWNbI2jjmhs7y/ZgdtqKz6Y1O27BaDtT:X0iJ4BWSbIwjm0y/crv1O66t

Score

10^/10

xworm rat trojan

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

WizClient.exe

Resource

win10v2004-20241007-en

xworm rat trojan

windows10-2004-x64

4 signatures

150 seconds

Malware Config

Extracted

Family

xworm

C2

returns-traveler.gl.at.ply.gg:13452

Attributes

Install_directory
%ProgramData%
install_file
USB.exe

Targets

- Target
  
  WizClient.exe
- Size
  
  83KB
- MD5
  
  2c383a77bce8c6283ef976b2a677f0f4
- SHA1
  
  5b086390d1add27d44f4a3859b4daaa74af65868
- SHA256
  
  21e2e1a1ad225e01e997a3cca99b8d4313ae3b73263adbc9b416193c94a2153a
- SHA512
  
  87624bec9d2db6bdf8d876e3d238f8fdb8c707b658b51b3b5877435c632809f8fbf6da0f03dc025031a112308d2a990c7c76f458bdbbfb32949423f25bbf6e16
- SSDEEP
  
  1536:X0ixKm49LXmWNbI2jjmhs7y/ZgdtqKz6Y1O27BaDtT:X0iJ4BWSbIwjm0y/crv1O66t
Score

10^/10

xworm rat trojan
- Detect Xworm Payload
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

© 2018-2025

Terms | Privacy