xworm | a6efc36d12cb0bbeff1748eefb46f2ad6df30cc736a0afe1337f3b97e85443f2 | Triage

Submit
Reports

Overview

overview

Static

static

2025-03-06...ar.exe

windows7-x64

2025-03-06...ar.exe

windows10-2004-x64

Sharing

General

Target

2025-03-06_7c47ea730d0d9201dfb31d80c4bf16ce_hiddentear
Size

192KB
Sample

250306-cqpq1svxhv
MD5

7c47ea730d0d9201dfb31d80c4bf16ce
SHA1

85de8ad640c8b2c5e186f4bdf1819870afeac2b8
SHA256

a6efc36d12cb0bbeff1748eefb46f2ad6df30cc736a0afe1337f3b97e85443f2
SHA512

5c708b9a251263de8f2c6619f0515fd3ea3bc1b8be837b778223983cb97f182c36bd7332dbd79c701793038b805b304033a858f104d283f400b3af90bca5237d
SSDEEP

6144:jmpsdZuN2iRzjMelR74/gU8G9CbGCrmsE/93ffk8q98R77Hg3c05yH+lDAA:jmpsdZuN2iRzjBlR74/gU8G9CbGCrmsz

Score

10^/10

xworm persistence rat trojan

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

2025-03-06_7c47ea730d0d9201dfb31d80c4bf16ce_hiddentear.exe

Resource

win7-20240903-en

xworm persistence rat trojan

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

2025-03-06_7c47ea730d0d9201dfb31d80c4bf16ce_hiddentear.exe

Resource

win10v2004-20250217-en

xworm persistence rat trojan

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Targets

- Target
  
  2025-03-06_7c47ea730d0d9201dfb31d80c4bf16ce_hiddentear
- Size
  
  192KB
- MD5
  
  7c47ea730d0d9201dfb31d80c4bf16ce
- SHA1
  
  85de8ad640c8b2c5e186f4bdf1819870afeac2b8
- SHA256
  
  a6efc36d12cb0bbeff1748eefb46f2ad6df30cc736a0afe1337f3b97e85443f2
- SHA512
  
  5c708b9a251263de8f2c6619f0515fd3ea3bc1b8be837b778223983cb97f182c36bd7332dbd79c701793038b805b304033a858f104d283f400b3af90bca5237d
- SSDEEP
  
  6144:jmpsdZuN2iRzjMelR74/gU8G9CbGCrmsE/93ffk8q98R77Hg3c05yH+lDAA:jmpsdZuN2iRzjBlR74/gU8G9CbGCrmsz
Score

10^/10

xworm persistence rat trojan
- Detect Xworm Payload
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- Xworm family
  xworm
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xwormpersistencerattrojan

behavioral2

xwormpersistencerattrojan

© 2018-2025

Terms | Privacy