xworm | 1ecfc67454976bdf26726bad12402afd06b10ec56f42c849d8caa5bb40d45af2 | Triage

Submit
Reports

Overview

overview

Static

static

XClient.exe

windows10-ltsc 2021-x64

Sharing

General

Target

XClient.exe
Size

45KB
Sample

241108-lybzkazjhw
MD5

251a3a7c87d52e34836b0ff9c32dc81a
SHA1

e074312c07386fda27e904c9d1a1e73b2de8a15c
SHA256

1ecfc67454976bdf26726bad12402afd06b10ec56f42c849d8caa5bb40d45af2
SHA512

2bc3b6a76bfb0af5f77094bc34f1f7b75496d0273c52e0f304e2badf387ac7f6d4eeeca30d08d490ea715c9a275493d15b09b9f3243633b9d84de844e561657d
SSDEEP

768:uabG5pfJFqBb6CoE0RwnuU5rFXNEPg+WByp9bdY5wuI6QhOOKOPm5:uqG5oBDorRwuU5rta0C9b65u6QsORPm5

Score

10^/10

xworm rat trojan

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

XClient.exe

Resource

win10ltsc2021-20241023-en

xworm rat trojan

windows10-ltsc 2021-x64

5 signatures

150 seconds

Malware Config

Extracted

Family

xworm

Version

5.0

C2

23.ip.gl.ply.gg:51779

Mutex

OkenSiQzShSsAtBp

Attributes

Install_directory
%AppData%
install_file
svchost.exe

aes.plain

Targets

- Target
  
  XClient.exe
- Size
  
  45KB
- MD5
  
  251a3a7c87d52e34836b0ff9c32dc81a
- SHA1
  
  e074312c07386fda27e904c9d1a1e73b2de8a15c
- SHA256
  
  1ecfc67454976bdf26726bad12402afd06b10ec56f42c849d8caa5bb40d45af2
- SHA512
  
  2bc3b6a76bfb0af5f77094bc34f1f7b75496d0273c52e0f304e2badf387ac7f6d4eeeca30d08d490ea715c9a275493d15b09b9f3243633b9d84de844e561657d
- SSDEEP
  
  768:uabG5pfJFqBb6CoE0RwnuU5rFXNEPg+WByp9bdY5wuI6QhOOKOPm5:uqG5oBDorRwuU5rta0C9b65u6QsORPm5
Score

10^/10

xworm rat trojan
- Detect Xworm Payload
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- Xworm family
  xworm
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

© 2018-2025

Terms | Privacy