xworm | e10d23d5da319f888ea91736129672e90445b935c62dbc945dd1d22b88a78e24 | Triage

Submit
Reports

Overview

overview

Static

static

XClient.exe

windows10-ltsc 2021-x64

Sharing

General

Target

XClient.exe
Size

36KB
Sample

241103-y5966atgml
MD5

76abc5eee266baab28bed67c7b6b9f5b
SHA1

4314935d1cc93032cec978a80bcd4437c35520dd
SHA256

e10d23d5da319f888ea91736129672e90445b935c62dbc945dd1d22b88a78e24
SHA512

dec42cda9f35d322365d92e8c36a2c1735d8a957a1a061ca74fb8364b186ff29330c5dff10b49d1cc2cda453c2232ca296a8321840acd737ceb5a58abf8d92c3
SSDEEP

768:8T1ZDbYFdqCoYa+QRz7pudDxZEQy1UrILFyW9fsmOjhRPya:GZ4RZQR/2rTiU+Fv9ftOjPz

Score

10^/10

xworm rat trojan

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

XClient.exe

Resource

win10ltsc2021-20241023-en

xworm rat trojan

windows10-ltsc 2021-x64

5 signatures

300 seconds

Malware Config

Extracted

Family

xworm

Version

5.0

C2

147.185.221.21:27469

Mutex

w9KNWkqQKRSrP7eA

Attributes

Install_directory
%Temp%
install_file
System.exe

aes.plain

Targets

- Target
  
  XClient.exe
- Size
  
  36KB
- MD5
  
  76abc5eee266baab28bed67c7b6b9f5b
- SHA1
  
  4314935d1cc93032cec978a80bcd4437c35520dd
- SHA256
  
  e10d23d5da319f888ea91736129672e90445b935c62dbc945dd1d22b88a78e24
- SHA512
  
  dec42cda9f35d322365d92e8c36a2c1735d8a957a1a061ca74fb8364b186ff29330c5dff10b49d1cc2cda453c2232ca296a8321840acd737ceb5a58abf8d92c3
- SSDEEP
  
  768:8T1ZDbYFdqCoYa+QRz7pudDxZEQy1UrILFyW9fsmOjhRPya:GZ4RZQR/2rTiU+Fv9ftOjPz
Score

10^/10

xworm rat trojan
- Detect Xworm Payload
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- Xworm family
  xworm
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

© 2018-2025

Terms | Privacy