Overview

overview

10

Static

static

10

XClient.exe

windows10-2004-x64

10

XClient.exe

windows11-21h2-x64

10

Resubmissions

20/12/2023, 05:27

231220-f5ndaadfap 10

20/12/2023, 05:24

231220-f37ddadecp 10

Analysis

  • max time kernel
    20s
  • max time network
    23s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    20/12/2023, 05:24

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    XClient.exe

  • Size

    33KB

  • MD5

    66bd8238a2177758528a96b77ea090cf

  • SHA1

    17a6c0f87a9e17d4bd2220818cae3c6797a1b222

  • SHA256

    73f6543eb0648b63f8f2f0920c3fd9d968d43c367758b45a6133dd181fa81e88

  • SHA512

    ed3ee27edb2768dcf3ae71f37c451b495f518847f18bc997b92857ae15fb3bf410984ba1ff88272f6e0f3326273b2574d09946d2ea4c1135497c67069338aa54

  • SSDEEP

    384:6E8PQ9Ba+vNuntf98d6ILj7CM42pfL3iB7OxVqWmRApkFXBLTsOZwpGN2v99IkuY:EUa+vNohsXn42JiB70cVF49jeOjhabs

Score
10/10
xwormrattrojan

Malware Config

Extracted

Family

xworm

Version

5.0

C2

2.tcp.ngrok.io:19809

Mutex

cuIs5agEciWOTAUC

Attributes
  • install_file

    USB.exe

aes.plain

Signatures

  • Detect Xworm Payload 1 IoCs
  • Xworm

    Xworm is a remote access trojan written in C#.

    trojanratxworm
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\XClient.exe
    "C:\Users\Admin\AppData\Local\Temp\XClient.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:4496

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/4496-0-0x00000000006C0000-0x00000000006CE000-memory.dmp

    Filesize

    56KB

    Download

  • memory/4496-1-0x00007FFACE960000-0x00007FFACF421000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/4496-2-0x000000001B410000-0x000000001B420000-memory.dmp

    Filesize

    64KB

    Download