xworm | e1a08988b3576c62be060b2b616d3ccae01e32484e5206e98cd18c00350f1042 | Triage

Submit
Reports

Overview

overview

Static

static

XClient.exe

windows11-21h2-x64

Sharing

General

Target

XClient.exe
Size

70KB
Sample

240615-fefwhsyhqd
MD5

77e09e515d37ed1137977c0e3474c2ab
SHA1

1f3ab7181f22723e75aaa8ff95fa273de71e0cf8
SHA256

e1a08988b3576c62be060b2b616d3ccae01e32484e5206e98cd18c00350f1042
SHA512

3365e00fad9daf82b9d984e5ff28702643d3468ef4a4abf9a3dc1abf2328f837e93a262314a7862a8dc814bb1279eb825e7877b2f2fbcbc11840224c470bb622
SSDEEP

1536:y+6Nj6m3Gr/ecc7aW5bTnZ0Dj6lr7OSiJt9p:r4jAWcu5bTZuK/OSWz

Score

10^/10

xworm execution rat trojan

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

XClient.exe

Resource

win11-20240611-en

xworm execution rat trojan

windows11-21h2-x64

12 signatures

60 seconds

Malware Config

Extracted

Family

xworm

Attributes

Install_directory
%ProgramData%
install_file
rundll64.exe

Targets

- Target
  
  XClient.exe
- Size
  
  70KB
- MD5
  
  77e09e515d37ed1137977c0e3474c2ab
- SHA1
  
  1f3ab7181f22723e75aaa8ff95fa273de71e0cf8
- SHA256
  
  e1a08988b3576c62be060b2b616d3ccae01e32484e5206e98cd18c00350f1042
- SHA512
  
  3365e00fad9daf82b9d984e5ff28702643d3468ef4a4abf9a3dc1abf2328f837e93a262314a7862a8dc814bb1279eb825e7877b2f2fbcbc11840224c470bb622
- SSDEEP
  
  1536:y+6Nj6m3Gr/ecc7aW5bTnZ0Dj6lr7OSiJt9p:r4jAWcu5bTZuK/OSWz
Score

10^/10

xworm execution rat trojan
- Detect Xworm Payload
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Executes dropped EXE
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

System Information Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

xwormexecutionrattrojan

© 2018-2024

Terms | Privacy