xworm | b5a4b1a445b993f44e351821b76c5bdc156c2f2609c6f6fbfc34a731e7d9937f | Triage

Submit
Reports

Overview

overview

Static

static

3

QH8DN3K9X.exe

windows7-x64

QH8DN3K9X.exe

windows10-2004-x64

Sharing

General

Target

QH8DN3K9X.exe
Size

518KB
Sample

250306-rw5rra1ny2
MD5

8fd78d3f0ffc585c0946e347281caa9d
SHA1

1cd95c47a876b367a96b91575ce876f933659144
SHA256

b5a4b1a445b993f44e351821b76c5bdc156c2f2609c6f6fbfc34a731e7d9937f
SHA512

cc692611f688cf60a2d2f396e18e9ab7579832f127084a4c596b93550ecd913a952feff7c52f80f29e8d85217beb21659b5b644a8ea8cb653bbc74f0bb6bf27c
SSDEEP

6144:QC5gmYW9mPMQ/ay6H5hcQMFHYQdH2RYRtO7aIRvHLfaf97rUHZNTrtiZp6AH:jgtPx/uZhaHY4H2i2RvrfY0H7tc

Score

10^/10

xworm discovery persistence rat trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

QH8DN3K9X.exe

Resource

win7-20241010-en

xworm discovery persistence rat trojan

windows7-x64

16 signatures

150 seconds

Behavioral task

behavioral2

Sample

QH8DN3K9X.exe

Resource

win10v2004-20250217-en

xworm discovery persistence rat trojan

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Extracted

Family

xworm

C2

176.65.144.119:7000

Attributes

Install_directory
%AppData%
install_file
XClient.exe

Targets

- Target
  
  QH8DN3K9X.exe
- Size
  
  518KB
- MD5
  
  8fd78d3f0ffc585c0946e347281caa9d
- SHA1
  
  1cd95c47a876b367a96b91575ce876f933659144
- SHA256
  
  b5a4b1a445b993f44e351821b76c5bdc156c2f2609c6f6fbfc34a731e7d9937f
- SHA512
  
  cc692611f688cf60a2d2f396e18e9ab7579832f127084a4c596b93550ecd913a952feff7c52f80f29e8d85217beb21659b5b644a8ea8cb653bbc74f0bb6bf27c
- SSDEEP
  
  6144:QC5gmYW9mPMQ/ay6H5hcQMFHYQdH2RYRtO7aIRvHLfaf97rUHZNTrtiZp6AH:jgtPx/uZhaHY4H2i2RvrfY0H7tc
Score

10^/10

xworm discovery persistence rat trojan
- Detect Xworm Payload
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- Xworm family
  xworm
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Remote System Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xwormdiscoverypersistencerattrojan

behavioral2

xwormdiscoverypersistencerattrojan

© 2018-2025

Terms | Privacy