xworm | 9d4a804399083cb6138e7966fef7998a31e316549095912baf15ba72bc80a0bc | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

WizClient.exe

windows11-21h2-x64

Sharing

General

Target

WizClient.pif
Size

77KB
Sample

250310-jb9wzaxtf1
MD5

58b593c1d0cd9c44e78fe6cfd4918045
SHA1

8143d58358b57934898324835a24d560c88fb65b
SHA256

9d4a804399083cb6138e7966fef7998a31e316549095912baf15ba72bc80a0bc
SHA512

adbc535e76a8514d5cada91cc18ef8362c3695d7d29f06f5badfdb53df51032e5a24613375c13d46399ccef203a814fa281c0816db463bd87c88242e5227b173
SSDEEP

1536:LM4iUQV1vNmFTn9MLbZkp6J1HozLUMJ34cw6Lp/OMlnalDk:LM7YobZkp6Ji7J34cJp/OMlwDk

Score

10^/10

xworm rat trojan

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

WizClient.exe

Resource

win11-20250218-en

xworm rat trojan

windows11-21h2-x64

5 signatures

150 seconds

Malware Config

Extracted

Family

xworm

C2

116.251.133.7:27572

Attributes

Install_directory
%ProgramData%
install_file
USB.exe

Targets

- Target
  
  WizClient.pif
- Size
  
  77KB
- MD5
  
  58b593c1d0cd9c44e78fe6cfd4918045
- SHA1
  
  8143d58358b57934898324835a24d560c88fb65b
- SHA256
  
  9d4a804399083cb6138e7966fef7998a31e316549095912baf15ba72bc80a0bc
- SHA512
  
  adbc535e76a8514d5cada91cc18ef8362c3695d7d29f06f5badfdb53df51032e5a24613375c13d46399ccef203a814fa281c0816db463bd87c88242e5227b173
- SSDEEP
  
  1536:LM4iUQV1vNmFTn9MLbZkp6J1HozLUMJ34cw6Lp/OMlnalDk:LM7YobZkp6Ji7J34cJp/OMlwDk
Score

10^/10

xworm rat trojan
- Detect Xworm Payload
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- Xworm family
  xworm
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

© 2018-2025

Terms | Privacy