Overview

overview

10

Static

static

10

XClient (1).exe

windows7-x64

XClient (1).exe

windows10-1703-x64

XClient (1).exe

windows10-2004-x64

XClient (1).exe

windows11-21h2-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    XClient (1).exe

  • Size

    33KB

  • Sample

    240609-1c92ssfh46

  • MD5

    af9a6f5f38051152a45f8ed13920ba6a

  • SHA1

    7aa9294f113642de5b85d7623cf022e23d8465b8

  • SHA256

    73a25e9ea9ab8041e1cf327ec49c93fccb61b740c671342d0988b4aea4234a0f

  • SHA512

    1204ff66a9c87bd771dd7f9028d98713f035f2ca7d6827f9587869e3c7444481f45e4592ad8ec50c9ce1f7c7b2ad27057784630d74ba0b6e28610d77980d73d4

  • SSDEEP

    768:qUa+vNohsXn42JiB702VF49j2eOjh7bD:BvNohsn4WiR08F49jFOj1v

Score
10/10
xwormrattrojan

Malware Config

Extracted

Family

xworm

Version

5.0

C2

20.ip.gl.ply.gg:17450

Mutex

L3VuRLbYt9e8whkS

Attributes
  • install_file

    USB.exe

aes.plain

Targets

    • Target

      XClient (1).exe

    • Size

      33KB

    • MD5

      af9a6f5f38051152a45f8ed13920ba6a

    • SHA1

      7aa9294f113642de5b85d7623cf022e23d8465b8

    • SHA256

      73a25e9ea9ab8041e1cf327ec49c93fccb61b740c671342d0988b4aea4234a0f

    • SHA512

      1204ff66a9c87bd771dd7f9028d98713f035f2ca7d6827f9587869e3c7444481f45e4592ad8ec50c9ce1f7c7b2ad27057784630d74ba0b6e28610d77980d73d4

    • SSDEEP

      768:qUa+vNohsXn42JiB702VF49j2eOjh7bD:BvNohsn4WiR08F49jFOj1v

    Score
    10/10
    xwormrattrojan

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

      trojanratxworm

    • Loads dropped DLL

    behavioral1behavioral2behavioral3behavioral4

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

3
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks