General

  • Target

    XClient.exe

  • Size

    75KB

  • Sample

    240928-lqqsrayfrq

  • MD5

    41d94d38b91f400b48399da38b368a6e

  • SHA1

    23e16dd89972db645359608d5291eea7180c6f1e

  • SHA256

    003b070eb19f39740c3a2bfb919d312574b6383088d7c2d6fa38e4cdf8dbbcd9

  • SHA512

    daf08f3b50c7177ed2ad70c024f92e268dee0bedb34e2f18132dfd9c33ac89ce7761a9ebd6e30240cc64cc5b9069a67f40b04f3f07e9fbfbec1502757d6db927

  • SSDEEP

    1536:+9cnEecI0EcvJ9zQnpGrHkbo2ZONDLd6U3OOxJUlC/QJJQ:+9cnExwTnpGrEbLZ4DjeOxJZ4I

Score
10/10

Malware Config

Extracted

Family

xworm

Attributes
  • Install_directory

    %Userprofile%

  • install_file

    svchost.exe

  • pastebin_url

    https://pastebin.com/raw/XMykaS1G

Targets

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks