xworm | edb2fff0c95a645ac3906d1b4e5684d551c79c3683521603b8d2851699b26e9d | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

edb2fff0c9...9d.exe

windows7-x64

edb2fff0c9...9d.exe

windows10-2004-x64

Sharing

General

Target

edb2fff0c95a645ac3906d1b4e5684d551c79c3683521603b8d2851699b26e9d
Size

83KB
Sample

250228-es5ala1rv6
MD5

6dde6de666cd688c16ef2bf82680452f
SHA1

af9beea2ff54247e5f7d4603f9ed586091cd88e6
SHA256

edb2fff0c95a645ac3906d1b4e5684d551c79c3683521603b8d2851699b26e9d
SHA512

edba86faeaee60894d26a75f69d73609f45b2b557e515f7dd661eba1511b413674a6ebe93d27516977f98e9f3dbe2acbef5dfc95de0df9fab9e610de21e963f7
SSDEEP

1536:PEhHQHwNaUtgJeFxVJhQfVQbg8bsy76yOvGl6F2OOo5R3FDmdIU:PEhwQgUGEQfVQbg8bsy7Jta2OdRZuD

Score

10^/10

xworm rat trojan

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

edb2fff0c95a645ac3906d1b4e5684d551c79c3683521603b8d2851699b26e9d.exe

Resource

win7-20240903-en

xworm rat trojan

windows7-x64

5 signatures

150 seconds

Behavioral task

behavioral2

Sample

edb2fff0c95a645ac3906d1b4e5684d551c79c3683521603b8d2851699b26e9d.exe

Resource

win10v2004-20250217-en

xworm rat trojan

windows10-2004-x64

5 signatures

150 seconds

Malware Config

Extracted

Family

xworm

C2

127.0.0.1:18860

general-affiliates.gl.at.ply.gg:18860

Attributes

Install_directory
%AppData%
install_file
Svhosts.exe
telegram
https://api.telegram.org/bot7513558352:AAE72p1kvyc6pvBQw1IvpHKw_VA1uisYseA/sendMessage?chat_id=7538276343

Targets

- Target
  
  edb2fff0c95a645ac3906d1b4e5684d551c79c3683521603b8d2851699b26e9d
- Size
  
  83KB
- MD5
  
  6dde6de666cd688c16ef2bf82680452f
- SHA1
  
  af9beea2ff54247e5f7d4603f9ed586091cd88e6
- SHA256
  
  edb2fff0c95a645ac3906d1b4e5684d551c79c3683521603b8d2851699b26e9d
- SHA512
  
  edba86faeaee60894d26a75f69d73609f45b2b557e515f7dd661eba1511b413674a6ebe93d27516977f98e9f3dbe2acbef5dfc95de0df9fab9e610de21e963f7
- SSDEEP
  
  1536:PEhHQHwNaUtgJeFxVJhQfVQbg8bsy76yOvGl6F2OOo5R3FDmdIU:PEhwQgUGEQfVQbg8bsy7Jta2OdRZuD
Score

10^/10

xworm rat trojan
- Detect Xworm Payload
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- Xworm family
  xworm
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

© 2018-2025

Terms | Privacy