General

  • Target

    XClient.exe

  • Size

    37KB

  • Sample

    241103-an59wayphy

  • MD5

    3192699219fce9572a223011c8063cf4

  • SHA1

    666d5d239a5546e61033a71c96b8fed0173185f4

  • SHA256

    2b624e9c6e2d7bb3bb2d96482f21ee05143124183ecf0b68407348ae485a1bf0

  • SHA512

    9f304aa16c311df133985bf1e039e0a09f4d3b32ef6d3a1fd5a2f61aedc301d036293cd63f384b74c77f276fd6766804481eab053e454bf83f7d4baa1abce204

  • SSDEEP

    768:hTafJRPSlKImYO2DXFyp9ORvo6YOjhsPyVGc:hTKJqM2TF09Mvo6YOjmJc

Score
10/10

Malware Config

Extracted

Family

xworm

Version

5.0

C2

ensure-manual.gl.at.ply.gg:9321

Mutex

NY0XE2QCMDcXK1Wm

Attributes
  • Install_directory

    %AppData%

  • install_file

    dllhost.exe

aes.plain

Targets

    • Target

      XClient.exe

    • Detect Xworm Payload

    • Xworm

      XWorm is a remote access trojan (RAT) written in C# for the .NET runtime.

    • Xworm family

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
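The extracted config above is directly actionable: the C2 is a hostname:port pair (a `*.ply.gg` name, i.e. a playit.gg tunnel endpoint rather than operator-owned infrastructure, so the resolved IP will change), the mutex is a fixed string, and the persistence artifact is a copy of the payload named `dllhost.exe` under `%AppData%`, whereas the genuine COM surrogate `dllhost.exe` only lives under `C:\Windows\System32` or `SysWOW64`. The following is an added example (not part of the sandbox report) that turns those three indicators into detection checks and runs them over a few constructed Sysmon-style event records; the event records, field names and the `mutex` pseudo-event are constructed for illustration, only the host, port, mutex and install path come from the report.

```python
"""Turn the report's extracted XWorm config into host/network detections and
run them over constructed Sysmon-style events (added example, not report code)."""
import re
from dataclasses import dataclass

# Values taken from the report's "Malware Config" section.
XWORM_CONFIG = {
    "c2_host": "ensure-manual.gl.at.ply.gg",
    "c2_port": 9321,
    "mutex": "NY0XE2QCMDcXK1Wm",
    "install_directory": "%AppData%",
    "install_file": "dllhost.exe",
}

# Only these two locations hold a genuine dllhost.exe; any other path is suspect.
LEGIT_DLLHOST = re.compile(r"^c:\\windows\\(system32|syswow64)\\dllhost\.exe$", re.I)
# %AppData% expands to C:\Users\<user>\AppData\Roaming on a default profile.
APPDATA_DLLHOST = re.compile(r"^c:\\users\\[^\\]+\\appdata\\roaming\\dllhost\.exe$", re.I)


@dataclass
class Hit:
    rule: str
    event_id: int
    detail: str


def check_process(ev):
    """Sysmon EID 1: image named like the install file but outside the system dirs."""
    image = ev.get("Image", "")
    if image.lower().endswith("\\" + XWORM_CONFIG["install_file"]) and not LEGIT_DLLHOST.match(image):
        where = "install_directory" if APPDATA_DLLHOST.match(image) else "non-system path"
        return Hit("xworm_install_path", 1, f"{image} ({where})")
    return None


def check_network(ev):
    """Sysmon EID 3: outbound connection to the configured C2 host:port."""
    host = ev.get("DestinationHostname", "").lower()
    if host == XWORM_CONFIG["c2_host"] and int(ev.get("DestinationPort", 0)) == XWORM_CONFIG["c2_port"]:
        return Hit("xworm_c2_connection", 3, f"{host}:{ev['DestinationPort']} from {ev.get('Image')}")
    return None


def check_dns(ev):
    """Sysmon EID 22: DNS lookup of the C2 name. Matching on the name rather than
    the resolved IP matters here because a playit.gg tunnel IP is not stable."""
    if ev.get("QueryName", "").lower() == XWORM_CONFIG["c2_host"]:
        return Hit("xworm_c2_dns", 22, ev["QueryName"])
    return None


def check_mutex(ev):
    """Constructed 'mutex' record (as an EDR might emit): exact mutex string match."""
    if ev.get("MutexName") == XWORM_CONFIG["mutex"]:
        return Hit("xworm_mutex", 0, ev["MutexName"])
    return None


CHECKS = {1: check_process, 3: check_network, 22: check_dns, "mutex": check_mutex}


def scan(events):
    """Dispatch each event to the check for its type and collect the hits."""
    hits = []
    for ev in events:
        check = CHECKS.get(ev.get("EventID"))
        if check:
            hit = check(ev)
            if hit:
                hits.append(hit)
    return hits


# Constructed telemetry: two benign records and four that match the config.
SAMPLE_EVENTS = [
    {"EventID": 1, "Image": r"C:\Windows\System32\dllhost.exe"},             # genuine COM surrogate
    {"EventID": 1, "Image": r"C:\Users\alice\AppData\Roaming\dllhost.exe"},  # XWorm install path
    {"EventID": 22, "QueryName": "ensure-manual.gl.at.ply.gg"},
    {"EventID": 3, "Image": r"C:\Users\alice\AppData\Roaming\dllhost.exe",
     "DestinationHostname": "ensure-manual.gl.at.ply.gg", "DestinationPort": 9321},
    {"EventID": 3, "Image": r"C:\Program Files\Mozilla Firefox\firefox.exe",
     "DestinationHostname": "www.mozilla.org", "DestinationPort": 443},     # benign
    {"EventID": "mutex", "MutexName": "NY0XE2QCMDcXK1Wm"},
]

if __name__ == "__main__":
    for h in scan(SAMPLE_EVENTS):
        print(f"[EID {h.event_id}] {h.rule}: {h.detail}")
```

The process check is deliberately broader than the config alone implies: it flags any `dllhost.exe` outside `System32`/`SysWOW64`, and only labels the `%AppData%` case as the configured install directory, because the same masquerading trick is used with other drop locations. The external-IP lookup noted in the signatures is not matched here, since the report does not name the service used and a rule on "any IP lookup site" would be noisy on its own.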
