xworm | XClient[.]exe | Triage

Submit
Reports

Overview

overview

Static

static

XClient.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

XClient.exe

Resource

win10v2004-20230221-en

xworm persistence ransomware rat trojan

windows10-2004-x64

21 signatures

150 seconds

General

Target

XClient.exe
Size

41KB
MD5

f384b1011c2652faf0998273a76a4567
SHA1

dc7646ccd7380750f4a8e27d65bdbd967e5f3a34
SHA256

42743167706f548532525ae258cb1d28cd217cb8c0bb090bdb820d8ebfb8ccbd
SHA512

ea224f7f8fba7964b9e0b87955b5172f08ee2af03b101ce6a668664a234916f923d74a8e9c40cfec532ca938946208ebdae14c34bb9072697bb190756db014c4
SSDEEP

768:vpt57CRmM+m9V8HG9LZhR3FgAVvFRPh9y767OChVRlWXIt:vtkmYV8m919Fb9y767OCvXWa

Score

10^/10

xworm

Malware Config

Extracted

Family

xworm

C2

194.ip.ply.gg:54552

Mutex

eDngwB0OhHqwTv9B

Attributes

install_file
win64.exe

aes.plain

Signatures

Xworm family
xworm

Files

XClient.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

© 2018-2025

Terms | Privacy