xworm | 4ba863fc0a1da38b5e9e987e7e36cf0b7a8dfb6eebab1fd4eb09c8c1b7e4815d | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

3

we.exe

windows7-x64

we.exe

windows10-2004-x64

Sharing

General

Target

we.exe
Size

313KB
Sample

250228-m6lz6szj15
MD5

d1cc6b6a0bf9c9a89341eea7633f00bc
SHA1

ff6f84b71ffdc05af654ecf28006206eeff0afcf
SHA256

4ba863fc0a1da38b5e9e987e7e36cf0b7a8dfb6eebab1fd4eb09c8c1b7e4815d
SHA512

dd73988ad22265d200da041d7b73af917f6e65642dda175759c6649a49cc7bfabc01493aa6938a3b987b88f4f8f5e81969ec60879141931e2d01e7a74a4a29fc
SSDEEP

6144:viC0I27yJtJ71HfdgwBBArJW2ZTTdPDu8r6SE:vR0HIJR/dgwArJW2ZTTd6eE

Score

10^/10

xworm discovery rat trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

we.exe

Resource

win7-20240903-en

xworm discovery rat trojan

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

we.exe

Resource

win10v2004-20250217-en

xworm discovery rat trojan

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Extracted

Family

xworm

Version

5.0

C2

185.7.214.211:4444

aes.plain

Targets

- Target
  
  we.exe
- Size
  
  313KB
- MD5
  
  d1cc6b6a0bf9c9a89341eea7633f00bc
- SHA1
  
  ff6f84b71ffdc05af654ecf28006206eeff0afcf
- SHA256
  
  4ba863fc0a1da38b5e9e987e7e36cf0b7a8dfb6eebab1fd4eb09c8c1b7e4815d
- SHA512
  
  dd73988ad22265d200da041d7b73af917f6e65642dda175759c6649a49cc7bfabc01493aa6938a3b987b88f4f8f5e81969ec60879141931e2d01e7a74a4a29fc
- SSDEEP
  
  6144:viC0I27yJtJ71HfdgwBBArJW2ZTTdPDu8r6SE:vR0HIJR/dgwArJW2ZTTd6eE
Score

10^/10

xworm discovery rat trojan
- Detect Xworm Payload
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- Xworm family
  xworm
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xwormdiscoveryrattrojan

behavioral2

xwormdiscoveryrattrojan

© 2018-2025

Terms | Privacy