xworm | 5dc20ed9d6ac1625289cf844fa7b333f39468610e9400a87801e62150477269b | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

XClient(2).exe

windows10-2004-x64

Sharing

General

Target

XClient(2).exe
Size

39KB
Sample

231021-s83ctsfd8v
MD5

d7b4762c5762acf9e2f81bab771a83de
SHA1

cf3ee942c13aafb720013ca208fcb27777cc1f83
SHA256

5dc20ed9d6ac1625289cf844fa7b333f39468610e9400a87801e62150477269b
SHA512

6b21f7b64387e450baf3425e7a378000920c412621cb4add8979e2c018410ea853d068c75d26ecddbaa75987a6972f2e148b686f18d60ce425fc28dbee011b7d
SSDEEP

768:ae8A4X7P7DHAKPCt/kXE8UjF5Ph9C2B6FOwhaICBHCgc+:BQXXMB1wtUFD9VB6FOwjMiI

Score

10^/10

xworm rat trojan

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

XClient(2).exe

Resource

win10v2004-20231020-ja

xworm rat trojan

windows10-2004-x64

2 signatures

300 seconds

Malware Config

Extracted

Family

xworm

Version

3.0

C2

reference-tokyo.at.ply.gg:3329

Mutex

MCeJ4wdHznLtXEja

Attributes

Install_directory
%AppData%
install_file
USB.exe

aes.plain

Targets

- Target
  
  XClient(2).exe
- Size
  
  39KB
- MD5
  
  d7b4762c5762acf9e2f81bab771a83de
- SHA1
  
  cf3ee942c13aafb720013ca208fcb27777cc1f83
- SHA256
  
  5dc20ed9d6ac1625289cf844fa7b333f39468610e9400a87801e62150477269b
- SHA512
  
  6b21f7b64387e450baf3425e7a378000920c412621cb4add8979e2c018410ea853d068c75d26ecddbaa75987a6972f2e148b686f18d60ce425fc28dbee011b7d
- SSDEEP
  
  768:ae8A4X7P7DHAKPCt/kXE8UjF5Ph9C2B6FOwhaICBHCgc+:BQXXMB1wtUFD9VB6FOwjMiI
Score

10^/10

xworm rat trojan
- Detect Xworm Payload
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
behavioral1

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

© 2018-2025

Terms | Privacy