Overview

overview

10

Static

static

10

Xeno-v1.1....no.exe

windows7-x64

7

Xeno-v1.1....no.exe

windows11-21h2-x64

10

Xeno-v1.1....UI.exe

windows7-x64

10

Xeno-v1.1....UI.exe

windows11-21h2-x64

10

Xeno-v1.1....UI.exe

windows7-x64

10

Xeno-v1.1....UI.exe

windows11-21h2-x64

10

Analysis

  • max time kernel
    145s
  • max time network
    151s
  • platform
    windows11-21h2_x64
  • resource
    win11-20250211-en
  • resource tags

    arch:x64arch:x86image:win11-20250211-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    11-02-2025 18:19

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Xeno-v1.1.3-x64/XenoUI.exe

  • Size

    95KB

  • MD5

    0c693fdf5031de28e139121866d4e71f

  • SHA1

    d4e3f81ce0ac00efbc537b6aa4ebc07f039aaf9a

  • SHA256

    3788b42e87c69c077868856b07c03e8606e0f49389c947231701100d99337e1c

  • SHA512

    4298a579eea032e794ac4aaa2e18c793fbe0d3f33a2f8e948fde510427e604f06072b71703183c9ca88c73a805627187241f47845a9f16822243388ae5cb42af

  • SSDEEP

    1536:gOTgjZ0JbSfMuafhOWR42zxMVY6dTPr/Wa5iiphLuM/APHV5y6SlSW8zXR:bT+WytdTPr/WAbK7Pby6S+zXR

Score
10/10
xwormrattrojan

Malware Config

Extracted

Family

xworm

C2

127.0.0.1:5552

Attributes
  • Install_directory

    %AppData%

  • install_file

    USB.exe

Signatures

  • Detect Xworm Payload 1 IoCs
  • Xworm

    Xworm is a remote access trojan written in C#.

    trojanratxworm
  • Xworm family
    xworm
  • Looks up external IP address via web service 1 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.3-x64\XenoUI.exe
    "C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.3-x64\XenoUI.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:2800

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2800-0-0x00007FF9731B3000-0x00007FF9731B5000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2800-1-0x00000000005B0000-0x00000000005CA000-memory.dmp

    Filesize

    104KB

    Download

  • memory/2800-2-0x00007FF9731B0000-0x00007FF973C72000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/2800-3-0x00007FF9731B0000-0x00007FF973C72000-memory.dmp

    Filesize

    10.8MB

    Download