xworm | caf4f464d2b19597c8ea779b41599c211d122e74954cc7c03ee2387f616725d1 | Triage

Submit
Reports

Overview

overview

Static

static

Steam.exe

windows11-21h2-x64

Sharing

General

Target

Steam.exe
Size

144KB
Sample

250308-m5pdxawkz9
MD5

a3614a8b3247b24de5c7ffc763dc1caf
SHA1

7e3f222bfb753f1ebf1e27569af7a24d42476b9b
SHA256

caf4f464d2b19597c8ea779b41599c211d122e74954cc7c03ee2387f616725d1
SHA512

203172dbc4f5d07ac850344dbe0085a61eb18a98dfc5985da19c740490807ebdfaebb1c7b71c78b10c04dc97daafb848333b822f6eab4f94fa4974d2dde42430
SSDEEP

3072:PmBMigkWAx9bNTz8KQOiOyuT9F/Zj7Iq+gJTefr:bi7WA/bx5QOuyRnh+g

Score

10^/10

xworm rat trojan

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

Steam.exe

Resource

win11-20250218-en

xworm rat trojan

windows11-21h2-x64

5 signatures

150 seconds

Malware Config

Extracted

Family

xworm

C2

some-event.gl.at.ply.gg:1337

Attributes

Install_directory
%AppData%
install_file
USB.exe

Targets

- Target
  
  Steam.exe
- Size
  
  144KB
- MD5
  
  a3614a8b3247b24de5c7ffc763dc1caf
- SHA1
  
  7e3f222bfb753f1ebf1e27569af7a24d42476b9b
- SHA256
  
  caf4f464d2b19597c8ea779b41599c211d122e74954cc7c03ee2387f616725d1
- SHA512
  
  203172dbc4f5d07ac850344dbe0085a61eb18a98dfc5985da19c740490807ebdfaebb1c7b71c78b10c04dc97daafb848333b822f6eab4f94fa4974d2dde42430
- SSDEEP
  
  3072:PmBMigkWAx9bNTz8KQOiOyuT9F/Zj7Iq+gJTefr:bi7WA/bx5QOuyRnh+g
Score

10^/10

xworm rat trojan
- Detect Xworm Payload
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- Xworm family
  xworm
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

© 2018-2025

Terms | Privacy