xworm | c308aabfd0bfd536a2cfdf1bf35d36715f169b64b0ab9b9503b07d47513f8230 | Triage

Submit
Reports

Overview

overview

Static

static

xclient.exe

windows11-21h2-x64

Sharing

General

Target

xclient.exe
Size

45KB
Sample

241103-3hxd1awqbv
MD5

b141baa00b85c15eb4c828d5cd972542
SHA1

22944d11f5cd2522a12bfa8a3416226664387bea
SHA256

c308aabfd0bfd536a2cfdf1bf35d36715f169b64b0ab9b9503b07d47513f8230
SHA512

9052cde210a96eb4e0c270ec0ee189723bdb0229c503287c716635c7733ff1fb38062620ebfe5363ad327719c9bbe050a194c0f3995e4b06e761877defaa8578
SSDEEP

768:NurlDweV3OOVbADM9W1v9NfgkBpuAuREcNcFhlVvD4xeVhKfkgLbFEPa9pv+ia6x:NADweQKADMkV9GkSAcRaPlZrOD/FJ9Nl

Score

10^/10

xworm rat trojan

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

xclient.exe

Resource

win11-20241007-en

xworm rat trojan

windows11-21h2-x64

5 signatures

150 seconds

Malware Config

Extracted

Family

xworm

Version

5.0

C2

map-casio.gl.at.ply.gg:57345

Mutex

6k79uroDkY19S0VB

Attributes

Install_directory
%Public%
install_file
XClient.exe

aes.plain

Targets

- Target
  
  xclient.exe
- Size
  
  45KB
- MD5
  
  b141baa00b85c15eb4c828d5cd972542
- SHA1
  
  22944d11f5cd2522a12bfa8a3416226664387bea
- SHA256
  
  c308aabfd0bfd536a2cfdf1bf35d36715f169b64b0ab9b9503b07d47513f8230
- SHA512
  
  9052cde210a96eb4e0c270ec0ee189723bdb0229c503287c716635c7733ff1fb38062620ebfe5363ad327719c9bbe050a194c0f3995e4b06e761877defaa8578
- SSDEEP
  
  768:NurlDweV3OOVbADM9W1v9NfgkBpuAuREcNcFhlVvD4xeVhKfkgLbFEPa9pv+ia6x:NADweQKADMkV9GkSAcRaPlZrOD/FJ9Nl
Score

10^/10

xworm rat trojan
- Detect Xworm Payload
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- Xworm family
  xworm
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

© 2018-2025

Terms | Privacy