xworm | d12964541a2b7f18d1aa235a1725cdf2606269c7f6f97c55e92fc480710a82f4 | Triage

Submit
Reports

Overview

overview

Static

static

Steam.exe

windows11-21h2-x64

Sharing

General

Target

Steam.exe
Size

141KB
Sample

250308-m6al5swsdt
MD5

c6b6f2505d47e4cd1dce947af878f580
SHA1

e0bbebebbd86c49b3a1ed9268abccbd7f4add970
SHA256

d12964541a2b7f18d1aa235a1725cdf2606269c7f6f97c55e92fc480710a82f4
SHA512

4480b20fe058d10e6fbc8ac88e7f0b1e6b6804c5a1ddc6a84b5409c75d21f164ddcaee0fa0c711ae276dd10c21066c214821d31fa85684c4db4237a20f5dc0b8
SSDEEP

3072:QWQPZXJxqvwVb9LFH4vO8En6ZZZj7Iq+gJTefr:GPnxOwVbANHnh+g

Score

10^/10

xworm rat trojan

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

Steam.exe

Resource

win11-20250217-en

xworm rat trojan

windows11-21h2-x64

5 signatures

150 seconds

Malware Config

Extracted

Family

xworm

C2

some-event.gl.at.ply.gg:47661

Attributes

Install_directory
%AppData%
install_file
USB.exe

Targets

- Target
  
  Steam.exe
- Size
  
  141KB
- MD5
  
  c6b6f2505d47e4cd1dce947af878f580
- SHA1
  
  e0bbebebbd86c49b3a1ed9268abccbd7f4add970
- SHA256
  
  d12964541a2b7f18d1aa235a1725cdf2606269c7f6f97c55e92fc480710a82f4
- SHA512
  
  4480b20fe058d10e6fbc8ac88e7f0b1e6b6804c5a1ddc6a84b5409c75d21f164ddcaee0fa0c711ae276dd10c21066c214821d31fa85684c4db4237a20f5dc0b8
- SSDEEP
  
  3072:QWQPZXJxqvwVb9LFH4vO8En6ZZZj7Iq+gJTefr:GPnxOwVbANHnh+g
Score

10^/10

xworm rat trojan
- Detect Xworm Payload
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- Xworm family
  xworm
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

© 2018-2025

Terms | Privacy