xworm | 6943df8fe4dd84ff004fe27292011ef1faad12598946894a166d45b98e041d54 | Triage

Submit
Reports

Overview

overview

Static

static

XClient.exe

windows10-ltsc 2021-x64

Sharing

General

Target

XClient.exe
Size

71KB
Sample

241110-w46fgavrck
MD5

cd359387e4fe4d5bca26eabd84921e24
SHA1

46c9e2db95a4b40111c14c00b2dd083ba031d01d
SHA256

6943df8fe4dd84ff004fe27292011ef1faad12598946894a166d45b98e041d54
SHA512

9aa78a682263c3e913f63d05f88956863aa2cd92cd1dde90e7044b25ea58c9c429d7d0e559a7cc223823716d28d22344333c8f4762f5bc227ff04191208daa7b
SSDEEP

1536:mPjL/3H7WcFeevNl3TrWcbhq6v6DeC6qNLDYOuamYtACP:OjL/LreANljrxbkNeeFYOpXP

Score

10^/10

xworm rat trojan

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

XClient.exe

Resource

win10ltsc2021-20241023-en

xworm rat trojan

windows10-ltsc 2021-x64

5 signatures

1800 seconds

Malware Config

Extracted

Family

xworm

C2

147.185.221.23:15863

Attributes

Install_directory
%AppData%
install_file
SystemUser.exe

Targets

- Target
  
  XClient.exe
- Size
  
  71KB
- MD5
  
  cd359387e4fe4d5bca26eabd84921e24
- SHA1
  
  46c9e2db95a4b40111c14c00b2dd083ba031d01d
- SHA256
  
  6943df8fe4dd84ff004fe27292011ef1faad12598946894a166d45b98e041d54
- SHA512
  
  9aa78a682263c3e913f63d05f88956863aa2cd92cd1dde90e7044b25ea58c9c429d7d0e559a7cc223823716d28d22344333c8f4762f5bc227ff04191208daa7b
- SSDEEP
  
  1536:mPjL/3H7WcFeevNl3TrWcbhq6v6DeC6qNLDYOuamYtACP:OjL/LreANljrxbkNeeFYOpXP
Score

10^/10

xworm rat trojan
- Detect Xworm Payload
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- Xworm family
  xworm
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

© 2018-2025

Terms | Privacy