Overview

overview

10

Static

static

10

XClient.exe

windows10-2004-x64

10

XClient.exe

windows7-x64

10

XClient.exe

windows10-1703-x64

10

XClient.exe

windows10-2004-x64

10

XClient.exe

windows11-21h2-x64

10

Resubmissions

21-05-2024 16:26

240521-txyqyabf56 10

21-05-2024 16:11

240521-tm8s6abe3x 10

21-05-2024 16:06

240521-tkknjsbc68 10

21-05-2024 16:02

240521-tg8k7sbb83 10

21-05-2024 15:59

240521-tfbj3sbb35 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    XClient.exe

  • Size

    32KB

  • Sample

    240521-tkknjsbc68

  • MD5

    796d46d24a498cbd5c0161979b6b97ae

  • SHA1

    0bad45e27d99ab1900cbb99bd97895c2286f7c53

  • SHA256

    1e3b4846c9c304c0ea408381e99c1f80940cdd7e3d30170afd23ab492bfd5d13

  • SHA512

    0046a95e056a3e7385d46fd383e3bc48b0b6891726d2dbcb2901139af5c9d1a3bb415446fc236b68cbf0a87cc13185f6fb2604447f02228c9c1f92f67a0593d4

  • SSDEEP

    384:5YxRXcrP31VZBELRUnvJff3cdiwOURJpkFTBLToOZwxJd2v99IkuisuVFxOjhlbD:lPjgRevJ3cdIUGF/9jTOjhlbD

Score
10/10
xwormrattrojan

Malware Config

Extracted

Family

xworm

Version

5.0

Mutex

ee7Mn1pG1AADdFhL

Attributes
  • install_file

    USB.exe

  • pastebin_url

    https://pastebin.com/raw/LY8grq3Z

aes.plain

Targets

    • Target

      XClient.exe

    • Size

      32KB

    • MD5

      796d46d24a498cbd5c0161979b6b97ae

    • SHA1

      0bad45e27d99ab1900cbb99bd97895c2286f7c53

    • SHA256

      1e3b4846c9c304c0ea408381e99c1f80940cdd7e3d30170afd23ab492bfd5d13

    • SHA512

      0046a95e056a3e7385d46fd383e3bc48b0b6891726d2dbcb2901139af5c9d1a3bb415446fc236b68cbf0a87cc13185f6fb2604447f02228c9c1f92f67a0593d4

    • SSDEEP

      384:5YxRXcrP31VZBELRUnvJff3cdiwOURJpkFTBLToOZwxJd2v99IkuisuVFxOjhlbD:lPjgRevJ3cdIUGF/9jTOjhlbD

    Score
    10/10
    xwormrattrojan

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

      trojanratxworm

    • Executes dropped EXE

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2

    behavioral1behavioral2behavioral3behavioral4behavioral5

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

2
T1082

Query Registry

1
T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

1
T1102

Impact

Resource Development

Reconnaissance

Tasks