xworm | hxxps://gofile[.]io/d/0hxASt | Triage

Submit
Reports

Overview

overview

Static

static

1

URLScan

urlscan

1

https://gofile.io/d/...

windows10-2004-x64

Resubmissions

05/03/2025, 16:37

250305-t5an3stjx4 10

05/03/2025, 16:32

250305-t174sasxfz 10

05/03/2025, 16:30

250305-tzwpcssry5 10

Sharing

General

Target

https://gofile.io/d/0hxASt
Sample

250305-t5an3stjx4

Score

10^/10

xworm discovery execution rat trojan

Static task

static1

URLScan task

urlscan1

Behavioral task

behavioral1

Sample

https://gofile.io/d/0hxASt

Resource

win10v2004-20250217-en

xworm discovery execution rat trojan

windows10-2004-x64

19 signatures

600 seconds

Malware Config

Extracted

Family

xworm

Version

5.0

C2

181.214.214.6:30120

Mutex

z5dRlxK0ktwBzYfm

Attributes

Install_directory
%ProgramData%
install_file
NVIDIA app.exe

aes.plain

Targets

- Target
  
  https://gofile.io/d/0hxASt
Score

10^/10

xworm discovery execution rat trojan
- Detect Xworm Payload
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- Xworm family
  xworm
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

urlscan1

behavioral1

xwormdiscoveryexecutionrattrojan

© 2018-2025

Terms | Privacy