xworm | d6a8076c0859b43193eba0b71d1da545c16c64c735138d8ddeadaedfe90136fc | Triage

Submit
Reports

Overview

overview

Static

static

3

XClient.exe

windows10-ltsc 2021-x64

Sharing

General

Target

XClient.exe
Size

293KB
Sample

241108-wyfymaxcpm
MD5

a9e2c7349ceae0894c2636ac7c91d99a
SHA1

de535327d9486760e1bb42b48f84d677ae8a186d
SHA256

d6a8076c0859b43193eba0b71d1da545c16c64c735138d8ddeadaedfe90136fc
SHA512

67b4f65415d1b228ac93bcf482220067a1f3a3519ffc25df6687808b9d5143d8aa19ba797b96b9c08c6268058c07b3f074b2cf442c47f8874ffee54f8325765a
SSDEEP

3072:+pkJuuEpKi6m/PJivSaAFOg7lkjcWVig058YbEASbod9btj:

Score

10^/10

xworm rat trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

XClient.exe

Resource

win10ltsc2021-20241023-en

xworm rat trojan

windows10-ltsc 2021-x64

7 signatures

150 seconds

Malware Config

Extracted

Family

xworm

C2

23.ip.gl.ply.gg:7000

Attributes

Install_directory
%Public%
install_file
svchost.exe

Targets

- Target
  
  XClient.exe
- Size
  
  293KB
- MD5
  
  a9e2c7349ceae0894c2636ac7c91d99a
- SHA1
  
  de535327d9486760e1bb42b48f84d677ae8a186d
- SHA256
  
  d6a8076c0859b43193eba0b71d1da545c16c64c735138d8ddeadaedfe90136fc
- SHA512
  
  67b4f65415d1b228ac93bcf482220067a1f3a3519ffc25df6687808b9d5143d8aa19ba797b96b9c08c6268058c07b3f074b2cf442c47f8874ffee54f8325765a
- SSDEEP
  
  3072:+pkJuuEpKi6m/PJivSaAFOg7lkjcWVig058YbEASbod9btj:
Score

10^/10

xworm rat trojan
- Detect Xworm Payload
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- Xworm family
  xworm
- Executes dropped EXE
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

© 2018-2025

Terms | Privacy