xworm | 376256408781bf18394e524a1c52b34bcb375289c13c75678069fa57cac0b6a8 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

3

WindowsApp1.exe

windows7-x64

WindowsApp1.exe

windows10-2004-x64

Sharing

General

Target

WindowsApp1.exe
Size

118KB
Sample

250228-2bn9da1ps8
MD5

0d19cad630767b9be69693ffa5c614da
SHA1

0a72a3d355e094bdc16f03dc9cc660e6031342b9
SHA256

376256408781bf18394e524a1c52b34bcb375289c13c75678069fa57cac0b6a8
SHA512

70854128254cea8bd233d2930f7fd285609a44997b96e326aee19b89defa3971bf70ffe4c8647ec207003aa88ec4186feca25383e707a9f85aa4988d082365e7
SSDEEP

1536:sQowX7LgxGY+lzyUFYEu5J/1JfSUoVZYYhyn/WR1z9P5PG7O4mRT+VsYs:leGY+lpk1SUoNEsv

Score

10^/10

xworm rat trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

WindowsApp1.exe

Resource

win7-20240903-en

xworm rat trojan

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

WindowsApp1.exe

Resource

win10v2004-20250217-en

xworm rat trojan

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Extracted

Family

xworm

Version

5.0

C2

paul-nw.gl.at.ply.gg:51413

Mutex

AVvzTAnLyW8qQCcO

Attributes

Install_directory
%AppData%
install_file
kev.exe

aes.plain

Targets

- Target
  
  WindowsApp1.exe
- Size
  
  118KB
- MD5
  
  0d19cad630767b9be69693ffa5c614da
- SHA1
  
  0a72a3d355e094bdc16f03dc9cc660e6031342b9
- SHA256
  
  376256408781bf18394e524a1c52b34bcb375289c13c75678069fa57cac0b6a8
- SHA512
  
  70854128254cea8bd233d2930f7fd285609a44997b96e326aee19b89defa3971bf70ffe4c8647ec207003aa88ec4186feca25383e707a9f85aa4988d082365e7
- SSDEEP
  
  1536:sQowX7LgxGY+lzyUFYEu5J/1JfSUoVZYYhyn/WR1z9P5PG7O4mRT+VsYs:leGY+lpk1SUoNEsv
Score

10^/10

xworm rat trojan
- Detect Xworm Payload
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- Xworm family
  xworm
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2025

Terms | Privacy