xworm | 5ff4f83bdff8f9edbe12a206afe6e9cec130462e42582181b7084f47714bdb87 | Triage

Submit
Reports

Overview

overview

Static

static

Sceet crac...1).exe

windows11-21h2-x64

Sharing

General

Target

cokesense.zip
Size

156KB
Sample

250125-zl2w4s1nfq
MD5

ffdf1d333c045b215ef663f58acc5031
SHA1

fec8a8a9ea739b07d675d4399a9156d88c29f4bb
SHA256

5ff4f83bdff8f9edbe12a206afe6e9cec130462e42582181b7084f47714bdb87
SHA512

726866895eb63373f754ccedc5b8326f239e37f99e67d3ee789ea2e5eea884b2220064d2610b316bc2a101ff4fc3b92b8da533e762e04ac53ef57d590b22b332
SSDEEP

3072:ZfPNheRqMeGgMKUmcGNSKfbzDcwgpes6/VsUUohzETEKw5HGmfBGnKJbJ68pFfDK:5w15gHxTcXpel7jIoj5VXNDK

Score

10^/10

xworm persistence rat trojan

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

Sceet crack.dll(1).exe

Resource

win11-20241007-en

xworm persistence rat trojan

windows11-21h2-x64

16 signatures

150 seconds

Malware Config

Extracted

Family

xworm

C2

127.0.0.1:7676

Attributes

Install_directory
%Userprofile%
install_file
Startup.exe

Targets

- Target
  
  Sceet crack.dll(1).exe
- Size
  
  237KB
- MD5
  
  d80cf9d4594b6517813ad887bcd9df4a
- SHA1
  
  53f4e025d721c2aea3ef5b7fc59264e19cc3dac3
- SHA256
  
  e9f13171bfd91a86ed53ac962dc382c975ec6f9287e5a0388f9a5e9df4476e8f
- SHA512
  
  7eeedf423dbcf3a4107b271de339d9c825f703464fb88303ddaff2f4afeeb687330d8abd62e077fb79c58cd167a326783e6050e1b11ba1a7cc93e01272dbddf0
- SSDEEP
  
  6144:udbSbGGqRPOUhcX7elbKTua9bfF/H9d9n:UbRGsO3X3u+
Score

10^/10

xworm persistence rat trojan
- Detect Xworm Payload
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- Xworm family
  xworm
- Drops startup file
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xwormpersistencerattrojan

© 2018-2025

Terms | Privacy