xworm | fd7d13f4db3ee83d8adcd3a1de3d8cf7135563e889a5438882882cfb90983413 | Triage

Submit
Reports

Overview

overview

Static

static

XClient.exe

windows11-21h2-x64

Sharing

General

Target

XClient.exe
Size

72KB
Sample

241110-w3r7fsvram
MD5

e84ea1a720b6e323cd719883a7bc9a59
SHA1

7d9b1639bf6b4886dae466b7193189bc126d8296
SHA256

fd7d13f4db3ee83d8adcd3a1de3d8cf7135563e889a5438882882cfb90983413
SHA512

b92ab91a87f7359fdbee436695db74f1d00458ab9064fc7c737796bed199523a5bc0080ba653452287d2060f71f021cbaea951b0fdf40f6456994f3b5a81e6d0
SSDEEP

1536:tFjrzrPUMFIKBi3Ov+JplibWt5mHkTR6Q6TtkrwVO9dhLO:jjrzZOKBiribWFTR6zkUVO9/O

Score

10^/10

xworm rat trojan

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

XClient.exe

Resource

win11-20241007-en

xworm rat trojan

windows11-21h2-x64

5 signatures

1800 seconds

Malware Config

Extracted

Family

xworm

C2

147.185.221.23:9000

Attributes

Install_directory
%AppData%
install_file
SystemUser.exe

Targets

- Target
  
  XClient.exe
- Size
  
  72KB
- MD5
  
  e84ea1a720b6e323cd719883a7bc9a59
- SHA1
  
  7d9b1639bf6b4886dae466b7193189bc126d8296
- SHA256
  
  fd7d13f4db3ee83d8adcd3a1de3d8cf7135563e889a5438882882cfb90983413
- SHA512
  
  b92ab91a87f7359fdbee436695db74f1d00458ab9064fc7c737796bed199523a5bc0080ba653452287d2060f71f021cbaea951b0fdf40f6456994f3b5a81e6d0
- SSDEEP
  
  1536:tFjrzrPUMFIKBi3Ov+JplibWt5mHkTR6Q6TtkrwVO9dhLO:jjrzZOKBiribWFTR6zkUVO9/O
Score

10^/10

xworm rat trojan
- Detect Xworm Payload
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- Xworm family
  xworm
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

© 2018-2025

Terms | Privacy