xworm | 3e29a57bde610ff61c422796b89fc4332f265cc50e966593fc2b00bb23a13a21 | Triage

Submit
Reports

Overview

overview

Static

static

3

SystemSettings.rar

windows11-21h2-x64

Sharing

General

Target

SystemSettings.rar
Size

130KB
Sample

250306-sltgeaskv4
MD5

cfd1e38ba89d12c7dcb31f7fcc688064
SHA1

2d3ee0fa93877e850e625ed3e5f18d3dea70e167
SHA256

3e29a57bde610ff61c422796b89fc4332f265cc50e966593fc2b00bb23a13a21
SHA512

326ac74f3a27163d591193e323bb84e1ae10bd22ea2fe323c414265e66c5a720f271b8f4de8039989920aeb5937c5b1fdba03d0328427ef94bfee41101064c7f
SSDEEP

3072:nrURbAWbGvrMy06g8CdSgtapOYkJGJE+/7thDG/3yWitioCwnk:ObAW1yB7mSgtaEuEyhJlk

Score

10^/10

xworm execution rat trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

SystemSettings.rar

Resource

win11-20250217-en

xworm execution rat trojan

windows11-21h2-x64

18 signatures

150 seconds

Malware Config

Extracted

Family

xworm

Version

5.0

Mutex

uoqo0jDHykn623lG

Attributes

Install_directory
%Public%
install_file
SystemSettings.exe
pastebin_url
https://pastebin.com/raw/4zaiEtZS
telegram
https://api.telegram.org/bot8175192176:AAHZuZ0-rHS66YSwsvh8-gQjbZYSbY3IyXo/sendMessage?chat_id=7537927256

aes.plain

Targets

- Target
  
  SystemSettings.rar
- Size
  
  130KB
- MD5
  
  cfd1e38ba89d12c7dcb31f7fcc688064
- SHA1
  
  2d3ee0fa93877e850e625ed3e5f18d3dea70e167
- SHA256
  
  3e29a57bde610ff61c422796b89fc4332f265cc50e966593fc2b00bb23a13a21
- SHA512
  
  326ac74f3a27163d591193e323bb84e1ae10bd22ea2fe323c414265e66c5a720f271b8f4de8039989920aeb5937c5b1fdba03d0328427ef94bfee41101064c7f
- SSDEEP
  
  3072:nrURbAWbGvrMy06g8CdSgtapOYkJGJE+/7thDG/3yWitioCwnk:ObAW1yB7mSgtaEuEyhJlk
Score

10^/10

xworm execution rat trojan
- Detect Xworm Payload
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- Xworm family
  xworm
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Executes dropped EXE
- Legitimate hosting services abused for malware hosting/C2
- Drops file in System32 directory
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

xwormexecutionrattrojan

© 2018-2025

Terms | Privacy