xworm | 8da78017f088bf2a715737d6b66ae49e01f1d5e9f470113e69b1d467d673f5a2 | Triage

Submit
Reports

Overview

overview

Static

static

msedge.exe

windows10-2004-x64

Sharing

General

Target

msedge.exe
Size

213KB
Sample

250122-m832gatkbx
MD5

03e10c70b1f8927870b855501609be5e
SHA1

e8232b79566b79a31f5c2d1e0228c4ce15fed06f
SHA256

8da78017f088bf2a715737d6b66ae49e01f1d5e9f470113e69b1d467d673f5a2
SHA512

e091d3e904e52739b3897f09dc6ee68b555ad2400dc2d70e5afaee1b9cc46b68c545cc841f025e0aeca7b9dea3ccd5e7a5ab8dd3597e4dbdc5c51ab9ea6b484a
SSDEEP

3072:/6u7K5JYwXb04bmvrRjnHOmA6DRUGKXs+S++7KFSbxeY+qDDrMK:Cuu5JVb2v5CGqStKEbxI

Score

10^/10

xworm execution rat trojan

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

msedge.exe

Resource

win10v2004-20241007-en

xworm execution rat trojan

windows10-2004-x64

20 signatures

150 seconds

Malware Config

Extracted

Family

xworm

C2

trip-thesaurus.gl.at.ply.gg:16715

Attributes

Install_directory
%AppData%
install_file
Update.exe

Targets

- Target
  
  msedge.exe
- Size
  
  213KB
- MD5
  
  03e10c70b1f8927870b855501609be5e
- SHA1
  
  e8232b79566b79a31f5c2d1e0228c4ce15fed06f
- SHA256
  
  8da78017f088bf2a715737d6b66ae49e01f1d5e9f470113e69b1d467d673f5a2
- SHA512
  
  e091d3e904e52739b3897f09dc6ee68b555ad2400dc2d70e5afaee1b9cc46b68c545cc841f025e0aeca7b9dea3ccd5e7a5ab8dd3597e4dbdc5c51ab9ea6b484a
- SSDEEP
  
  3072:/6u7K5JYwXb04bmvrRjnHOmA6DRUGKXs+S++7KFSbxeY+qDDrMK:Cuu5JVb2v5CGqStKEbxI
Score

10^/10

xworm execution rat trojan
- Detect Xworm Payload
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- Xworm family
  xworm
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xwormexecutionrattrojan

© 2018-2025

Terms | Privacy