xworm | 98c231ec31e14edf367af1119d64926586b5b2a8222ed2d7389096d9e1b8b9d0 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

3

k4hPxVAnnV0HVYi.exe

windows10-2004-x64

Sharing

General

Target

k4hPxVAnnV0HVYi.exe
Size

954KB
Sample

250309-pscwfs1vev
MD5

b4ac3a4fe82677f2d8a9c3c0b9d384af
SHA1

cd70a1c4bbf4aec1445271cee929cd32d6166140
SHA256

98c231ec31e14edf367af1119d64926586b5b2a8222ed2d7389096d9e1b8b9d0
SHA512

faa6c43813cdf1b5b116da42bf33316e544ac454f54494363dfd580c1d50a08b60f84ab1a29159c5137d59ed364991868f275020e76aae6e71459883b1f1ec8b
SSDEEP

12288:wYLOaLmfaNua2QSxDv0iDfPcVMarVXfAKO97GZXUKCBGn9rLWtb8tth0M/M4:wgRifaN12PxDv0sfPjvJ7ETWCra

Score

10^/10

xworm discovery rat trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

k4hPxVAnnV0HVYi.exe

Resource

win10v2004-20250217-en

xworm discovery rat trojan

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Extracted

Family

xworm

C2

23.84.85.170:1738

Attributes

Install_directory
%Temp%

Targets

- Target
  
  k4hPxVAnnV0HVYi.exe
- Size
  
  954KB
- MD5
  
  b4ac3a4fe82677f2d8a9c3c0b9d384af
- SHA1
  
  cd70a1c4bbf4aec1445271cee929cd32d6166140
- SHA256
  
  98c231ec31e14edf367af1119d64926586b5b2a8222ed2d7389096d9e1b8b9d0
- SHA512
  
  faa6c43813cdf1b5b116da42bf33316e544ac454f54494363dfd580c1d50a08b60f84ab1a29159c5137d59ed364991868f275020e76aae6e71459883b1f1ec8b
- SSDEEP
  
  12288:wYLOaLmfaNua2QSxDv0iDfPcVMarVXfAKO97GZXUKCBGn9rLWtb8tth0M/M4:wgRifaN12PxDv0sfPjvJ7ETWCra
Score

10^/10

xworm discovery rat trojan
- Detect Xworm Payload
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- Xworm family
  xworm
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xwormdiscoveryrattrojan

© 2018-2025

Terms | Privacy