xworm | 120286ca0a3f1e3805d5268c3110ac338b1d086ae5487bd25fdf4e1d917b1bce | Triage

Submit
Reports

Overview

overview

Static

static

3

XwormV5.3.exe

windows7-x64

XwormV5.3.exe

windows10-2004-x64

Sharing

General

Target

XwormV5.3.exe
Size

15.0MB
Sample

241101-1y36datrex
MD5

d0eec7cf80098a85e6628d8834b7e153
SHA1

aef442dbe12344111955d8a3b92427f03a8808b5
SHA256

120286ca0a3f1e3805d5268c3110ac338b1d086ae5487bd25fdf4e1d917b1bce
SHA512

50db066cc6e7402f635c73d4f770d0202b6c112db56a9d858c42df4f5816a07679f8f6c52efad0ce609390b792f4bd6887f39d5a9fddbd4ede912fb4fafcfa3b
SSDEEP

393216:iwTnaP1qOj5Dg/lgp8BOVF3DS2k4tUUi6AreM:xTavq/q8w3DS2k4KNFr/

Score

10^/10

xworm persistence rat trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

XwormV5.3.exe

Resource

win7-20241023-en

xworm persistence rat trojan

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

XwormV5.3.exe

Resource

win10v2004-20241007-en

xworm persistence rat trojan

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Extracted

Family

xworm

C2

96phaok.localto.net:1605

Attributes

Install_directory
%AppData%
install_file
USB.exe

Targets

- Target
  
  XwormV5.3.exe
- Size
  
  15.0MB
- MD5
  
  d0eec7cf80098a85e6628d8834b7e153
- SHA1
  
  aef442dbe12344111955d8a3b92427f03a8808b5
- SHA256
  
  120286ca0a3f1e3805d5268c3110ac338b1d086ae5487bd25fdf4e1d917b1bce
- SHA512
  
  50db066cc6e7402f635c73d4f770d0202b6c112db56a9d858c42df4f5816a07679f8f6c52efad0ce609390b792f4bd6887f39d5a9fddbd4ede912fb4fafcfa3b
- SSDEEP
  
  393216:iwTnaP1qOj5Dg/lgp8BOVF3DS2k4tUUi6AreM:xTavq/q8w3DS2k4KNFr/
Score

10^/10

xworm persistence rat trojan
- Detect Xworm Payload
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- Xworm family
  xworm
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xwormpersistencerattrojan

behavioral2

xwormpersistencerattrojan

© 2018-2025

Terms | Privacy