xworm | 8950ce8d0d34da93e1540029b4ff17f127b8619dea6f0e5c90a0d9a78368f52a | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

xwormport.exe

windows7-x64

xwormport.exe

windows10-2004-x64

Sharing

General

Target

xwormport.exe
Size

80KB
Sample

241009-t9w3watdjg
MD5

8b6c64186bf08072e4204ec3bde4147c
SHA1

8381d71213c367c4dab4fbf9b33e081e339ad215
SHA256

8950ce8d0d34da93e1540029b4ff17f127b8619dea6f0e5c90a0d9a78368f52a
SHA512

fbc3b75b348f5345f1534f6e740fd696b85c4f2a4f88a616af52fd6d7ccb7b13b0427c0d5e0e7626d0561cba534c5792f54e00f24cc1fd97f7f3ce9ec11e1404
SSDEEP

1536:+VNL/GiQfNlMYojPrZeHdD+8VKjuM4UKbdqmkmuH5f6Yf/JTOjaeKLz4:MNiiOPMXjPrZoD7Kju9UKbdSZRfxTOjx

Score

10^/10

xworm rat trojan

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

xwormport.exe

Resource

win7-20240903-en

xworm rat trojan

windows7-x64

4 signatures

150 seconds

Behavioral task

behavioral2

Sample

xwormport.exe

Resource

win10v2004-20241007-en

xworm rat trojan

windows10-2004-x64

4 signatures

150 seconds

Malware Config

Extracted

Family

xworm

C2

MadeInMood1-40937.portmap.host:40937

Attributes

Install_directory
%AppData%
install_file
XClient.exe
telegram
https://api.telegram.org/bot7375237961:AAFlPWXmEriRUUWDWeG1DeZifKaAFaWD10Q/sendMessage?chat_id=7534517325

Targets

- Target
  
  xwormport.exe
- Size
  
  80KB
- MD5
  
  8b6c64186bf08072e4204ec3bde4147c
- SHA1
  
  8381d71213c367c4dab4fbf9b33e081e339ad215
- SHA256
  
  8950ce8d0d34da93e1540029b4ff17f127b8619dea6f0e5c90a0d9a78368f52a
- SHA512
  
  fbc3b75b348f5345f1534f6e740fd696b85c4f2a4f88a616af52fd6d7ccb7b13b0427c0d5e0e7626d0561cba534c5792f54e00f24cc1fd97f7f3ce9ec11e1404
- SSDEEP
  
  1536:+VNL/GiQfNlMYojPrZeHdD+8VKjuM4UKbdqmkmuH5f6Yf/JTOjaeKLz4:MNiiOPMXjPrZoD7Kju9UKbdSZRfxTOjx
Score

10^/10

xworm rat trojan
- Detect Xworm Payload
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

© 2018-2025

Terms | Privacy

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.