xworm | 74e0935e8ae394bc11ae15b98dbdd63301de4eab026544d930d0ebe91d2ddfbb | Triage

Submit
Reports

Overview

overview

Static

static

WizWorm v4...rm.exe

windows7-x64

WizWorm v4...rm.exe

windows10-2004-x64

Sharing

General

Target

WizWorm_v4.rar
Size

36.8MB
Sample

250308-ww5tzaz1cv
MD5

49fa978a531ee4ca90726bda4b7854d7
SHA1

05b1aabc2ee77f0ba4f80aa040ba1152c178d2bb
SHA256

74e0935e8ae394bc11ae15b98dbdd63301de4eab026544d930d0ebe91d2ddfbb
SHA512

c82f416ca593226a5cbff0358b951400690f1aa0d677d3f7fac406567e1b4737ff0cb76c88de2607aa6614be939c5678a06f318c93d448ddf5d6c8d0e1d0f26b
SSDEEP

786432:A8Xp1FGOxZos4Xs0vYJOQx1tombO2ld8ZufuthroGr79YELvmLBMGm4fpE:A8Xp1FJxstYJOQvRIuf0rooKELeLaGo

Score

10^/10

xworm rat trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

WizWorm v4/WizWorm.exe

Resource

win7-20240903-en

xworm rat trojan

windows7-x64

17 signatures

150 seconds

Behavioral task

behavioral2

Sample

WizWorm v4/WizWorm.exe

Resource

win10v2004-20250217-en

xworm rat trojan

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Extracted

Family

xworm

C2

127.0.0.1:5552

Mutex

X5iNfowLQbIX3fc7

Attributes

install_file
USB.exe

aes.plain

aes.plain

Targets

- Target
  
  WizWorm v4/WizWorm.exe
- Size
  
  14.3MB
- MD5
  
  0d7b4b1882f63bdd50b95c566d71ae14
- SHA1
  
  fd44458018d9ba5beee8a67b7f22bb5c6e1f850d
- SHA256
  
  4a095cf379d66c7123416fec489a8ef6b767fec71959e13714127d6c3bb41c06
- SHA512
  
  97ad65c805be31d1d530077b4736ff4c844c51a2d4550e856933f08a328e4c74ecef7e22040a27e9a03509170c4bc780e26b0389cb57385d5217f56d68a7aeda
- SSDEEP
  
  393216:q3vfM+4csPWDxmpDz05h8HpCLemOEkHh1og2CrVJCmvT:q3vfM+4cVm25hspRmIAWvH
Score

10^/10

xworm rat trojan
- Detect Xworm Payload
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- Xworm family
  xworm
- Executes dropped EXE
- Uses the VBS compiler for execution
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2025

Terms | Privacy