stormkitty | 987af5ed785a0c412b8c4f829df902e82e62e21917aa7abdcc0d825b4a463c67 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

XWorm-5.6.rar

windows10-2004-x64

Sharing

General

Target

XWorm-5.6.rar
Size

21.5MB
Sample

250131-xn3v3stqb1
MD5

4f57637d0aa8ed0d3055802c3a90a58d
SHA1

c8b298c0edea336ee4710a3c1da5cc7bce7467cf
SHA256

987af5ed785a0c412b8c4f829df902e82e62e21917aa7abdcc0d825b4a463c67
SHA512

5d7fae098076531f1af3447d03cfc1909cdc00cd3757132bee7d8ccb1b84d1e57d1c11066afa70c2d102fbcc5233a7e43c2ff017dc67a2cf7591a923032d54f7
SSDEEP

393216:D+N2F6y80fxdY24Xhf7QUECurlXcphU4SwUKidjxOfvP5AXyaLe39neZ:D+Nj6x+TlEUEhIXSwUbdF6pEyJ3UZ

Score

10^/10

stormkitty xworm defense_evasion discovery rat trojan

Static task

static1

stormkitty xworm

6 signatures

Behavioral task

behavioral1

Sample

XWorm-5.6.rar

Resource

win10v2004-20250129-it

xworm defense_evasion discovery rat trojan

windows10-2004-x64

22 signatures

900 seconds

Malware Config

Extracted

Family

xworm

Version

5.0

C2

127.0.0.1:7000

Mutex

zWBJQzaMFzSXPOWb

Attributes

install_file
USB.exe

aes.plain

Extracted

Family

xworm

C2

127.0.0.1:7000

Attributes

install_file
USB.exe

Targets

- Target
  
  XWorm-5.6.rar
- Size
  
  21.5MB
- MD5
  
  4f57637d0aa8ed0d3055802c3a90a58d
- SHA1
  
  c8b298c0edea336ee4710a3c1da5cc7bce7467cf
- SHA256
  
  987af5ed785a0c412b8c4f829df902e82e62e21917aa7abdcc0d825b4a463c67
- SHA512
  
  5d7fae098076531f1af3447d03cfc1909cdc00cd3757132bee7d8ccb1b84d1e57d1c11066afa70c2d102fbcc5233a7e43c2ff017dc67a2cf7591a923032d54f7
- SSDEEP
  
  393216:D+N2F6y80fxdY24Xhf7QUECurlXcphU4SwUKidjxOfvP5AXyaLe39neZ:D+Nj6x+TlEUEhIXSwUbdF6pEyJ3UZ
Score

10^/10

xworm defense_evasion discovery rat trojan
- Contains code to disable Windows Defender
  A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.
- Detect Xworm Payload
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- Xworm family
  xworm
- Disables Task Manager via registry modification
  defense_evasion
- Executes dropped EXE
- Uses the VBS compiler for execution
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Browser Information Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

stormkittyxworm

behavioral1

xwormdefense_evasiondiscoveryrattrojan

© 2018-2025

Terms | Privacy