Extracted

• • Target

    XClient.exe

  • Size

    55KB

  • MD5

    a10ca252aac3f3b1d7d4e11bcf9b08e9

  • SHA1

    b960c51b4047c155fccdc60e535cebcc446542fb

  • SHA256

    2e497a902a5ade2b211974bd43c3be9689b64c7f9896aebe7c249f08a5dd44a2

  • SHA512

    fcfda0f804cb5f0b0325c4ca67172b68ecf6c4fe06c3854b7d091a754ee24a355ef723bf0ac4317263415426ad0f76c888917708b17b5ed5103520dc866fb164

  • SSDEEP

    1536:pEGX0joWEkDkAHnjtM63b5SE8I586LOh6aTqn2m:pEGX0joWTkABMEb5SUO3q2m

  Score

  10^/10

  xwormpersistencerattrojan

  • Xworm

    Xworm is a remote access trojan written in C#.

    trojanratxworm

  • Drops startup file

  • Executes dropped EXE

  • Adds Run key to start application

    persistence

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  behavioral1behavioral2