xworm | 8efa6f0711c60afd3e6cb29df2b740ee4d01b7f4290a223aa85c6f54fb3b9da5 | Triage

Submit
Reports

Overview

overview

Static

static

winlogon.exe

windows10-2004-x64

Sharing

General

Target

winlogon.exe
Size

59KB
Sample

241107-x45plsxjcz
MD5

f2a18b995a82e938ab6a067491aa0d79
SHA1

d437fca2f38d712bafae8c92169eec8934699e54
SHA256

8efa6f0711c60afd3e6cb29df2b740ee4d01b7f4290a223aa85c6f54fb3b9da5
SHA512

73db4ec0271045f3f2c40fa197cf6300d81f32e4ecdddf792b475c8234d997c8d9ddfd62f944f230d8929017dfd1f473fbf4470f3bf6c2e92a8606cd3fed6d56
SSDEEP

1536:CcG/DG/fDG+wopontVm+4ys9bFKR4F+9E6ywbgOmXvkAq:CcGGfDG+wWoPm+4X9bFKac/0Omfbq

Score

10^/10

xworm execution rat trojan

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

winlogon.exe

Resource

win10v2004-20241007-en

xworm execution rat trojan

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Extracted

Family

xworm

Attributes

Install_directory
%ProgramData%
install_file
winlogon.exe
pastebin_url
https://pastebin.com/raw/QUwdrCNg

Targets

- Target
  
  winlogon.exe
- Size
  
  59KB
- MD5
  
  f2a18b995a82e938ab6a067491aa0d79
- SHA1
  
  d437fca2f38d712bafae8c92169eec8934699e54
- SHA256
  
  8efa6f0711c60afd3e6cb29df2b740ee4d01b7f4290a223aa85c6f54fb3b9da5
- SHA512
  
  73db4ec0271045f3f2c40fa197cf6300d81f32e4ecdddf792b475c8234d997c8d9ddfd62f944f230d8929017dfd1f473fbf4470f3bf6c2e92a8606cd3fed6d56
- SSDEEP
  
  1536:CcG/DG/fDG+wopontVm+4ys9bFKR4F+9E6ywbgOmXvkAq:CcGGfDG+wWoPm+4X9bFKac/0Omfbq
Score

10^/10

xworm execution rat trojan
- Detect Xworm Payload
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- Xworm family
  xworm
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xwormexecutionrattrojan

© 2018-2025

Terms | Privacy