xworm | ac558d55b305c66a8dce08527dd1ddf929c4a66ee8cc33a893f127e211bc21a9 | Triage

Submit
Reports

Overview

overview

Static

static

3

apex launcher.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

apex launcher.exe
Size

38KB
Sample

250520-1wqr9sxpz3
MD5

7f11a2c12c1124c02d4ae05d748f581c
SHA1

c9a0d0a40d03f0e130c6f3dfd3b61dc76c810bd7
SHA256

ac558d55b305c66a8dce08527dd1ddf929c4a66ee8cc33a893f127e211bc21a9
SHA512

2e54625e5d29aba3f87435e8a2256918f745678c01628dcdd00744f938b6f653e986ca8e1f4c07dcc5f47e05305620b3855c60a436df3f51e0272d676f40f6dc
SSDEEP

768:xtMkC1zgeJoS7o8kel0HfzvXPodTYdk1F5K5A40IbZD+KK:xtMvguoSZn4odTtB40IbZVK

Score

10^/10

xworm defense_evasion discovery rat trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

apex launcher.exe

Resource

win10v2004-20250502-en

xworm defense_evasion discovery rat trojan

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Extracted

Family

xworm

Version

5.0

Mutex

zvPgopnwRBeLqFpF

Attributes

install_file
USB.exe
pastebin_url
https://pastebin.com/raw/8b1GW10U

aes.plain

Targets

- Target
  
  apex launcher.exe
- Size
  
  38KB
- MD5
  
  7f11a2c12c1124c02d4ae05d748f581c
- SHA1
  
  c9a0d0a40d03f0e130c6f3dfd3b61dc76c810bd7
- SHA256
  
  ac558d55b305c66a8dce08527dd1ddf929c4a66ee8cc33a893f127e211bc21a9
- SHA512
  
  2e54625e5d29aba3f87435e8a2256918f745678c01628dcdd00744f938b6f653e986ca8e1f4c07dcc5f47e05305620b3855c60a436df3f51e0272d676f40f6dc
- SSDEEP
  
  768:xtMkC1zgeJoS7o8kel0HfzvXPodTYdk1F5K5A40IbZD+KK:xtMvguoSZn4odTtB40IbZVK
Score

10^/10

xworm defense_evasion discovery rat trojan
- Detect Xworm Payload
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- Xworm family
  xworm
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Legitimate hosting services abused for malware hosting/C2
- Obfuscated Files or Information: Command Obfuscation
  Adversaries may obfuscate content during command execution to impede detection.
  defense_evasion
behavioral1

MITRE ATT&CK Enterprise v16

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Obfuscated Files or Information

Command Obfuscation

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

xwormdefense_evasiondiscoveryrattrojan

© 2018-2025

Terms | Privacy