xworm | 75ec0944508969faba292ea85974baa5880f95100280851592615d1befd24513 | Triage

Submit
Reports

Overview

overview

Static

static

3

Fyz.exe

windows7-x64

Fyz.exe

windows10-2004-x64

Sharing

General

Target

Fyz.exe
Size

83KB
Sample

250305-dqs9waxls5
MD5

f1f85fdacfd295faf64fb7a23973cd49
SHA1

ebdb5b3687670aa3f64fab82558f62b4190daf4f
SHA256

75ec0944508969faba292ea85974baa5880f95100280851592615d1befd24513
SHA512

3fdf6627a2758a77e6dd2f1164764491af4402a0463edf60dd7c6d436fc0484498226e2408770fbcf44fe72b1b1c0685957ab56a3083729bf5a5a9d1acb2deef
SSDEEP

1536:VgXeoVUIzfmssAhUykfv6QZslxxctjAHmSu0ADfI/e5VihgvsMnkJ:VgXFVUIzfmGULfv6ucx2E0TfoTQkJ

Score

10^/10

xworm discovery rat trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

Fyz.exe

Resource

win7-20240903-en

xworm rat trojan

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

Fyz.exe

Resource

win10v2004-20250217-en

xworm discovery rat trojan

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Extracted

Family

xworm

C2

172.16.150.134:5001

:5001

Attributes

install_file
USB.exe

Targets

- Target
  
  Fyz.exe
- Size
  
  83KB
- MD5
  
  f1f85fdacfd295faf64fb7a23973cd49
- SHA1
  
  ebdb5b3687670aa3f64fab82558f62b4190daf4f
- SHA256
  
  75ec0944508969faba292ea85974baa5880f95100280851592615d1befd24513
- SHA512
  
  3fdf6627a2758a77e6dd2f1164764491af4402a0463edf60dd7c6d436fc0484498226e2408770fbcf44fe72b1b1c0685957ab56a3083729bf5a5a9d1acb2deef
- SSDEEP
  
  1536:VgXeoVUIzfmssAhUykfv6QZslxxctjAHmSu0ADfI/e5VihgvsMnkJ:VgXFVUIzfmGULfv6ucx2E0TfoTQkJ
Score

10^/10

xworm rat trojan discovery
- Detect Xworm Payload
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- Xworm family
  xworm
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

xwormdiscoveryrattrojan

© 2018-2025

Terms | Privacy