General

  • Target

    xclient.exe

  • Size

    45KB

  • Sample

    241103-3q8r1aybrj

  • MD5

    e69ef8f0a3871d18e270fbcd5401dda1

  • SHA1

    07efe1ecf83a2dc9a267734d2d514286e62355f2

  • SHA256

    94b4cfcdf07caa2e8675caf46180753385cf32ef6a35101e157baf37a31265b5

  • SHA512

    cc9e93cd46e102f20c51e37dd4a11c184b11683f78a2868c30adda26b94a86c922bb992373630e9117881d4e5656aeea364a7e6d502475832c954a9646f40bfd

  • SSDEEP

    768:VurlDweV3OOVbADM9W1v9NfgkBpuAuREcNcFhlVvD4xeVhKfkgLbFEPa9pv9656M:VADweQKADMkV9GkSAcRaPlZrOD/FJ9NG

Score
10/10

Malware Config

Extracted

Family

xworm

Version

5.0

C2

map-casio.gl.at.ply.gg:7777

Mutex

b32hkSTFWuq9ZKpj

Attributes
  • Install_directory

    %Public%

  • install_file

    XClient.exe

aes.plain

Targets

    • Target

      xclient.exe

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

    • Xworm family

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
