xworm | 82f0fb933a96858aabe6b741c889611583a0a11132ee6ecd70909fc0aa6cf534 | Triage

Submit
Reports

Overview

overview

Static

static

XClient.exe

windows7-x64

XClient.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

XClient.exe
Size

65KB
Sample

240422-be7a9adc83
MD5

f89900bee0847f4f1e23b1bfda0e7f24
SHA1

24dd536801cff4b3b92276a52a9280069290149a
SHA256

82f0fb933a96858aabe6b741c889611583a0a11132ee6ecd70909fc0aa6cf534
SHA512

bba995bfb14d6d79b8f4feb0934888d2e5d39d7c945cce2046e842a0c0240cc14a9998c3d18093c29ca36c840f580058518df341e0dca3f5452fdc7fcacdcc3a
SSDEEP

1536:/JPMoSzJ4aZfY0by1DLub8ldJJIrlXOF3+v/:BZcJm0WxSb8elXOhW/

Score

10^/10

xworm bootkit persistence rat trojan

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

XClient.exe

Resource

win7-20240221-en

xworm persistence rat trojan

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

XClient.exe

Resource

win10v2004-20240412-en

xworm bootkit persistence rat trojan

windows10-2004-x64

21 signatures

150 seconds

Malware Config

Extracted

Family

xworm

C2

127.0.0.1:33920

original-taught.gl.at.ply.gg:33920

Attributes

Install_directory
%AppData%
install_file
FreePornHubPremium.exe

Targets

- Target
  
  XClient.exe
- Size
  
  65KB
- MD5
  
  f89900bee0847f4f1e23b1bfda0e7f24
- SHA1
  
  24dd536801cff4b3b92276a52a9280069290149a
- SHA256
  
  82f0fb933a96858aabe6b741c889611583a0a11132ee6ecd70909fc0aa6cf534
- SHA512
  
  bba995bfb14d6d79b8f4feb0934888d2e5d39d7c945cce2046e842a0c0240cc14a9998c3d18093c29ca36c840f580058518df341e0dca3f5452fdc7fcacdcc3a
- SSDEEP
  
  1536:/JPMoSzJ4aZfY0by1DLub8ldJJIrlXOF3+v/:BZcJm0WxSb8elXOhW/
Score

10^/10

xworm persistence rat trojan bootkit
- Detect Xworm Payload
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Pre-OS Boot

Bootkit

Scheduled Task/Job

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Defense Evasion

Modify Registry

Pre-OS Boot

Bootkit

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xwormpersistencerattrojan

behavioral2

xwormbootkitpersistencerattrojan

© 2018-2025

Terms | Privacy