xworm | 91017e11d0af0c3addbcc9624d6018d783d357b326c6620ed46686a14e33558d | Triage

Submit
Reports

Overview

overview

Static

static

1

file.html

windows11-21h2-x64

Sharing

General

Target

file
Size

7KB
Sample

250305-1zjhcszycz
MD5

f8e6c016130cbc130645e658e06a2995
SHA1

0092a052e3b6d35d36c6b3b510c0a420dd815d93
SHA256

91017e11d0af0c3addbcc9624d6018d783d357b326c6620ed46686a14e33558d
SHA512

a4a4ca6c98a62d5e1c8e609ef80e9a264d8c89ecd9a835260d5488850af514f740f166954e683c6c522114b222dfaaef3292d2f5ff61490c4cc219cc58a058a8
SSDEEP

192:PN2x2BR7VSWyglyj6RMbSoEddJgMuUyTN:AxI7jrM68SoEdvaHN

Score

10^/10

xworm discovery execution rat trojan

Static task

static1

Behavioral task

behavioral1

Sample

file.html

Resource

win11-20250217-en

xworm discovery execution rat trojan

windows11-21h2-x64

25 signatures

150 seconds

Malware Config

Extracted

Family

xworm

Version

5.0

C2

137.184.74.73:5000

Mutex

Y2rnj2CSRObOXXLb

Attributes

Install_directory
%ProgramData%
install_file
System.exe

aes.plain

Targets

- Target
  
  file
- Size
  
  7KB
- MD5
  
  f8e6c016130cbc130645e658e06a2995
- SHA1
  
  0092a052e3b6d35d36c6b3b510c0a420dd815d93
- SHA256
  
  91017e11d0af0c3addbcc9624d6018d783d357b326c6620ed46686a14e33558d
- SHA512
  
  a4a4ca6c98a62d5e1c8e609ef80e9a264d8c89ecd9a835260d5488850af514f740f166954e683c6c522114b222dfaaef3292d2f5ff61490c4cc219cc58a058a8
- SSDEEP
  
  192:PN2x2BR7VSWyglyj6RMbSoEddJgMuUyTN:AxI7jrM68SoEdvaHN
Score

10^/10

xworm discovery execution rat trojan
- Detect Xworm Payload
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- Xworm family
  xworm
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Powershell Invoke Web Request.
  execution
- Drops startup file
- Executes dropped EXE
- Legitimate hosting services abused for malware hosting/C2
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

xwormdiscoveryexecutionrattrojan

© 2018-2025

Terms | Privacy