General

  • Target

    XClient.exe

  • Size

    36KB

  • Sample

    240609-z15xbafa6z

  • MD5

    1e3784e2eb9c27d3ca87b2df1946ab94

  • SHA1

    00fbc74b92b5f705cad087e381d25e3dd0d9d497

  • SHA256

    55c256c6d8ba0ed731f3fcfe5c2f25c0020b92167b1bc84cd286da660a64cce5

  • SHA512

    59e86616084f8466d22f21105ccd1e80f77dbb67f01b6b4e1d3c58dcb4725e7a3f91737e5b98446425b8f3c04782b588f1bca1938168f0069da42dfb7ccef9b0

  • SSDEEP

    768:mHqkN8BIqXDERt8kqlggFyP9Cy9rOjhbb+GhF:mHqPBhXDwpkFk9CytOjoMF

Score
10/10

Malware Config

Extracted

Family

xworm

Version

5.0

C2

lower-fisheries.gl.at.ply.gg:45093

Mutex

EEmB1ngV4VNAwuKL

Attributes
  • install_file

    USB.exe

  • telegram

    https://api.telegram.org/bot6840931665:AAGv7v7rX37B-ecRdyZwX93qMTKObEsmQ5o/sendMessage?chat_id=6840931665

  • aes.plain
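The extracted config above is the most actionable part of the report: a C2 endpoint, a mutex, the on-disk install name and a Telegram Bot API URL that carries the operator's bot token and chat id. The script below is an added example, not code from the sandbox or from the report; it copies those values into a dictionary and turns them into the artefacts an analyst hands to detection or IR (defanged indicators, host/port split, the parsed bot id, token and chat_id). The helper names (`defang`, `split_c2`, `parse_telegram`, `build_report`) are my own. The one external fact it relies on is that `*.ply.gg` hostnames are playit.gg tunnel endpoints, so the hostname does not reveal the operator's real address.

```python
"""Turn the XWorm config extracted above into hunting artefacts.

Added example, not part of the sandbox report. CONFIG values are copied
from the 'Malware Config' section; the helper functions are illustrative.
"""
import re
from urllib.parse import parse_qs, urlsplit

# Values copied from the extracted config above.
CONFIG = {
    "family": "xworm",
    "version": "5.0",
    "c2": "lower-fisheries.gl.at.ply.gg:45093",
    "mutex": "EEmB1ngV4VNAwuKL",
    "install_file": "USB.exe",
    "telegram": (
        "https://api.telegram.org/bot6840931665:"
        "AAGv7v7rX37B-ecRdyZwX93qMTKObEsmQ5o/sendMessage?chat_id=6840931665"
    ),
}

# Telegram Bot API path segment: "bot<numeric bot id>:<35-char secret>".
TOKEN_RE = re.compile(r"^bot(\d+):([A-Za-z0-9_-]{35})$")


def defang(value: str) -> str:
    """Make a host/URL safe to paste into tickets: http -> hxxp, '.' -> '[.]'."""
    return value.replace("http", "hxxp").replace(".", "[.]")


def split_c2(c2: str) -> tuple[str, int]:
    """Split 'host:port'; rpartition keeps colon-bearing hosts intact."""
    host, _, port = c2.rpartition(":")
    if not port.isdigit():
        raise ValueError(f"no port in C2 string: {c2!r}")
    return host, int(port)


def parse_telegram(url: str) -> dict:
    """Pull bot id, token, API method and chat_id out of a Bot API URL."""
    parts = urlsplit(url)
    if parts.hostname != "api.telegram.org":
        raise ValueError(f"not a Telegram Bot API URL: {url!r}")
    segments = parts.path.strip("/").split("/")
    match = TOKEN_RE.match(segments[0]) if segments else None
    if match is None or len(segments) < 2:
        raise ValueError(f"unexpected Bot API path: {parts.path!r}")
    chat_ids = parse_qs(parts.query).get("chat_id", [])
    return {
        "bot_id": match.group(1),
        # Full "<id>:<secret>" string, which is what a takedown request needs.
        "token": match.group(0)[3:],
        "method": segments[1],
        "chat_id": chat_ids[0] if chat_ids else None,
    }


def build_report(config: dict) -> dict:
    """Collect the indicators an analyst would hand to detection/IR."""
    host, port = split_c2(config["c2"])
    tg = parse_telegram(config["telegram"])
    return {
        "family": f'{config["family"]} {config["version"]}',
        "c2_host": host,
        "c2_port": port,
        "c2_defanged": f"{defang(host)}:{port}",
        # *.ply.gg hostnames are playit.gg tunnel endpoints, so the operator's
        # real address is not recoverable from the hostname alone.
        "c2_via_tunnel": host.endswith(".ply.gg"),
        "mutex": config["mutex"],
        "install_file": config["install_file"],
        "telegram_bot_id": tg["bot_id"],
        "telegram_chat_id": tg["chat_id"],
        "telegram_method": tg["method"],
        "telegram_defanged": defang(config["telegram"]),
        # In this sample the chat_id coincides with the bot's own numeric id.
        "chat_is_bot_id": tg["chat_id"] == tg["bot_id"],
    }


if __name__ == "__main__":
    for key, value in build_report(CONFIG).items():
        print(f"{key:18} {value}")
```

Run it as a script to print the indicator table; the mutex and install file name go straight into endpoint hunting, the defanged C2 and Telegram URL into network blocks, and the bot token into an abuse report to Telegram.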

Targets

    • Target

      XClient.exe

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
