xworm | 5f6b7fac414c602989c14283e4bfd01a9dad04d84d178a4fd108d1e5d133eaf4 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

Xeno-Execu...in.zip

windows7-x64

Resubmissions

18/10/2024, 00:32

241018-avtvesybqp 10

18/10/2024, 00:24

241018-ap6xssveqg 10

Sharing

General

Target

Xeno-Executor-v1.0.8-main.zip
Size

4.1MB
Sample

241018-ap6xssveqg
MD5

5f092e0d074a1a45f22db0bd55c0931f
SHA1

9294aa768de3f0ef8a6468854e2d118c5a72d6fe
SHA256

5f6b7fac414c602989c14283e4bfd01a9dad04d84d178a4fd108d1e5d133eaf4
SHA512

346eae473dadbd7f05743ea02a49fc4c1fd7a92d8b7e09fa8f8291a5ddf3619e6c0ab1196e4d46a930e54c110abf461966fbf4dae5fff1cf6dfd756b46d2a0a0
SSDEEP

98304:4FP5+BAtOValm08CkdzmbjjgAPd1fJ+BOxbaYZ01dvpbN8:4L+B6O8lmNC4SbjjgM1fJ+S1UlS

Score

10^/10

xworm rat trojan

Static task

static1

4 signatures

Behavioral task

behavioral1

Sample

Xeno-Executor-v1.0.8-main.zip

Resource

win7-20240903-en

xworm rat trojan

windows7-x64

9 signatures

150 seconds

Malware Config

Extracted

Family

xworm

C2

like-minute.gl.at.ply.gg:57419

Attributes

Install_directory
%AppData%
install_file
antivirus.exe

Targets

- Target
  
  Xeno-Executor-v1.0.8-main.zip
- Size
  
  4.1MB
- MD5
  
  5f092e0d074a1a45f22db0bd55c0931f
- SHA1
  
  9294aa768de3f0ef8a6468854e2d118c5a72d6fe
- SHA256
  
  5f6b7fac414c602989c14283e4bfd01a9dad04d84d178a4fd108d1e5d133eaf4
- SHA512
  
  346eae473dadbd7f05743ea02a49fc4c1fd7a92d8b7e09fa8f8291a5ddf3619e6c0ab1196e4d46a930e54c110abf461966fbf4dae5fff1cf6dfd756b46d2a0a0
- SSDEEP
  
  98304:4FP5+BAtOValm08CkdzmbjjgAPd1fJ+BOxbaYZ01dvpbN8:4L+B6O8lmNC4SbjjgM1fJ+S1UlS
Score

10^/10

xworm rat trojan
- Detect Xworm Payload
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- Executes dropped EXE
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

© 2018-2025

Terms | Privacy