xworm | 73f7c7fbf82f23ac548ce23caab9a89935f5e992ca07a01a52c4b897b625791c | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

Nixware.exe

windows10-ltsc 2021-x64

Sharing

General

Target

Nixware.exe
Size

75KB
Sample

250228-q6l7qa1ls5
MD5

ab5dbeb065e58170f4bdce27e5cac036
SHA1

a45cf20ba7700225594c0228b60ebf67b47ae9a4
SHA256

73f7c7fbf82f23ac548ce23caab9a89935f5e992ca07a01a52c4b897b625791c
SHA512

0ec79ced728f0c3a8063b7e3f64d02f0c06714fa70422170445e6ee786bd6485847e04bb20986bb48debd1ceb43eed7635082ee13b881e5701004cc7a911fee9
SSDEEP

1536:f4AgapwMk06Ta7qbWK/kGxup6SICOqmFlc2:gAL6nha7qbWoluvTOqC62

Score

10^/10

xworm rat trojan

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

Nixware.exe

Resource

win10ltsc2021-20250217-en

xworm rat trojan

windows10-ltsc 2021-x64

5 signatures

150 seconds

Malware Config

Extracted

Family

xworm

C2

127.0.0.1:8848

on-allow.gl.at.ply.gg:8848

Attributes

Install_directory
%Userprofile%
install_file
svchost.exe

Targets

- Target
  
  Nixware.exe
- Size
  
  75KB
- MD5
  
  ab5dbeb065e58170f4bdce27e5cac036
- SHA1
  
  a45cf20ba7700225594c0228b60ebf67b47ae9a4
- SHA256
  
  73f7c7fbf82f23ac548ce23caab9a89935f5e992ca07a01a52c4b897b625791c
- SHA512
  
  0ec79ced728f0c3a8063b7e3f64d02f0c06714fa70422170445e6ee786bd6485847e04bb20986bb48debd1ceb43eed7635082ee13b881e5701004cc7a911fee9
- SSDEEP
  
  1536:f4AgapwMk06Ta7qbWK/kGxup6SICOqmFlc2:gAL6nha7qbWoluvTOqC62
Score

10^/10

xworm rat trojan
- Detect Xworm Payload
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- Xworm family
  xworm
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

© 2018-2025

Terms | Privacy