xworm | 1e3b4846c9c304c0ea408381e99c1f80940cdd7e3d30170afd23ab492bfd5d13 | Triage

Submit
Reports

Overview

overview

Static

static

XClient.exe

windows11-21h2-x64

Resubmissions

21-05-2024 16:26

240521-txyqyabf56 10

21-05-2024 16:11

240521-tm8s6abe3x 10

21-05-2024 16:06

240521-tkknjsbc68 10

21-05-2024 16:02

240521-tg8k7sbb83 10

21-05-2024 15:59

240521-tfbj3sbb35 10

Sharing

General

Target

XClient.exe
Size

32KB
Sample

240521-tfbj3sbb35
MD5

796d46d24a498cbd5c0161979b6b97ae
SHA1

0bad45e27d99ab1900cbb99bd97895c2286f7c53
SHA256

1e3b4846c9c304c0ea408381e99c1f80940cdd7e3d30170afd23ab492bfd5d13
SHA512

0046a95e056a3e7385d46fd383e3bc48b0b6891726d2dbcb2901139af5c9d1a3bb415446fc236b68cbf0a87cc13185f6fb2604447f02228c9c1f92f67a0593d4
SSDEEP

384:5YxRXcrP31VZBELRUnvJff3cdiwOURJpkFTBLToOZwxJd2v99IkuisuVFxOjhlbD:lPjgRevJ3cdIUGF/9jTOjhlbD

Score

10^/10

xworm rat trojan

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

XClient.exe

Resource

win11-20240426-en

xworm rat trojan

windows11-21h2-x64

14 signatures

300 seconds

Malware Config

Extracted

Family

xworm

Version

5.0

Mutex

ee7Mn1pG1AADdFhL

Attributes

install_file
USB.exe
pastebin_url
https://pastebin.com/raw/LY8grq3Z

aes.plain

Targets

- Target
  
  XClient.exe
- Size
  
  32KB
- MD5
  
  796d46d24a498cbd5c0161979b6b97ae
- SHA1
  
  0bad45e27d99ab1900cbb99bd97895c2286f7c53
- SHA256
  
  1e3b4846c9c304c0ea408381e99c1f80940cdd7e3d30170afd23ab492bfd5d13
- SHA512
  
  0046a95e056a3e7385d46fd383e3bc48b0b6891726d2dbcb2901139af5c9d1a3bb415446fc236b68cbf0a87cc13185f6fb2604447f02228c9c1f92f67a0593d4
- SSDEEP
  
  384:5YxRXcrP31VZBELRUnvJff3cdiwOURJpkFTBLToOZwxJd2v99IkuisuVFxOjhlbD:lPjgRevJ3cdIUGF/9jTOjhlbD
Score

10^/10

xworm rat trojan
- Contains code to disable Windows Defender
  A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.
- Detect Xworm Payload
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- Executes dropped EXE
- Legitimate hosting services abused for malware hosting/C2
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

© 2018-2024

Terms | Privacy