xworm | b6eb9fc838848b1455ef01e2bdc497c059b16859963162ce81ad29554c7918bb | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

steam.exe

windows7-x64

steam.exe

windows10-2004-x64

Sharing

General

Target

steam.exe
Size

51KB
Sample

250308-3f5ycsvse1
MD5

4ca159a48c50aeb62cd0db7b032474ac
SHA1

b77c87928df07242bda75608a4701eda403b0968
SHA256

b6eb9fc838848b1455ef01e2bdc497c059b16859963162ce81ad29554c7918bb
SHA512

9b677d0f8f6292eed963cf670186396d422f44ec596cd3cfd23a8d938a65a37decad9681e8826e4dce992a56c09e2f0aa03b9b1533da4856275a117ef96f3c9f
SSDEEP

768:/47Yz7pDW8ntPrKlDaC+J1aJydLsb6KpwfhXWri1S+hJOp45LW+:/47EW8ndiaKOLsb6KmfNXbOz+

Score

10^/10

xworm rat trojan

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

steam.exe

Resource

win7-20240903-en

xworm rat trojan

windows7-x64

5 signatures

150 seconds

Behavioral task

behavioral2

Sample

steam.exe

Resource

win10v2004-20250217-en

xworm rat trojan

windows10-2004-x64

5 signatures

150 seconds

Malware Config

Extracted

Family

xworm

Attributes

install_file
USB.exe

Targets

- Target
  
  steam.exe
- Size
  
  51KB
- MD5
  
  4ca159a48c50aeb62cd0db7b032474ac
- SHA1
  
  b77c87928df07242bda75608a4701eda403b0968
- SHA256
  
  b6eb9fc838848b1455ef01e2bdc497c059b16859963162ce81ad29554c7918bb
- SHA512
  
  9b677d0f8f6292eed963cf670186396d422f44ec596cd3cfd23a8d938a65a37decad9681e8826e4dce992a56c09e2f0aa03b9b1533da4856275a117ef96f3c9f
- SSDEEP
  
  768:/47Yz7pDW8ntPrKlDaC+J1aJydLsb6KpwfhXWri1S+hJOp45LW+:/47EW8ndiaKOLsb6KmfNXbOz+
Score

10^/10

xworm rat trojan
- Detect Xworm Payload
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- Xworm family
  xworm
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

© 2018-2025

Terms | Privacy