xworm | 7ad235452a11f0343fcf1def524d04800e591b13e40188cc1cf5be37e9628f36 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

3

VuxaSpoofer.exe

windows7-x64

VuxaSpoofer.exe

windows10-2004-x64

Sharing

General

Target

VuxaSpoofer.exe
Size

3.6MB
Sample

250308-ybyaha1qs7
MD5

d4473f64014380bd2f087935d01e4cf4
SHA1

39d009e253008ed76a65c76bcd55010b016638c1
SHA256

7ad235452a11f0343fcf1def524d04800e591b13e40188cc1cf5be37e9628f36
SHA512

27865bf8b587ee2b5da590ff72a510702591e52c2d8e377cf90b44e2a602ae5a6f605231506cbd65b41fa7c28df332e08aeca3fbb6ee0aea9c33540179e3ed34
SSDEEP

98304:GLYNYcvh7hfw9An9todOS5J+ZkvtnpKLiFqI8wM/4v:GLw1hFfwMrQOS5fVnpKGFm/K

Score

10^/10

xworm rat trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

VuxaSpoofer.exe

Resource

win7-20241010-en

xworm rat trojan

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

VuxaSpoofer.exe

Resource

win10v2004-20250217-en

xworm rat trojan

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Extracted

Family

xworm

C2

front-cad.gl.at.ply.gg:36514

Attributes

Install_directory
%AppData%
install_file
USB.exe

Targets

- Target
  
  VuxaSpoofer.exe
- Size
  
  3.6MB
- MD5
  
  d4473f64014380bd2f087935d01e4cf4
- SHA1
  
  39d009e253008ed76a65c76bcd55010b016638c1
- SHA256
  
  7ad235452a11f0343fcf1def524d04800e591b13e40188cc1cf5be37e9628f36
- SHA512
  
  27865bf8b587ee2b5da590ff72a510702591e52c2d8e377cf90b44e2a602ae5a6f605231506cbd65b41fa7c28df332e08aeca3fbb6ee0aea9c33540179e3ed34
- SSDEEP
  
  98304:GLYNYcvh7hfw9An9todOS5J+ZkvtnpKLiFqI8wM/4v:GLw1hFfwMrQOS5fVnpKGFm/K
Score

10^/10

xworm rat trojan
- Detect Xworm Payload
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- Xworm family
  xworm
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2025

Terms | Privacy