xworm | XClient[.]exe | Triage

Submit
Reports

Overview

overview

Static

static

XClient.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

XClient.exe

Resource

win10v2004-20230220-en

xworm persistence rat trojan

windows10-2004-x64

13 signatures

150 seconds

General

Target

XClient.exe
Size

66KB
MD5

ca857440145775e096a6c969cc1c37bc
SHA1

e0f58117a4c188578cf8ff93cd00c360eed9701f
SHA256

970d9f79f053723242bed11efcf4809a5d9ba46c4731611bed8fca22e74b4ffe
SHA512

e5c612cbfca5f1840a996ac8512abf5ecee55a5e0801580aa5d92b198ed8e3d69fb155cab45e656803a9c7fed092ea63ee51e1a674983f7d2bf94df1026ec46d
SSDEEP

1536:int6iY/bCDpszsM4XvQbgtjteN/1Qe6JJO+6SjR8aH:intnDpszsM4/Qbghto1Q7O+LnH

Score

10^/10

xworm

Malware Config

Extracted

Family

xworm

C2

soon-lp.at.ply.gg:17209

Attributes

install_file
USB.exe

Signatures

Xworm family
xworm

Files

XClient.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 63KB - Virtual size: 63KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

© 2018-2025

Terms | Privacy