xworm | 62de8e9d8356c9f4ffe699f49b46b87f604c9e705bca06bf589d9d3a615876c8 | Triage

Submit
Reports

Overview

overview

Static

static

XClient.exe

windows10-ltsc 2021-x64

Sharing

General

Target

XClient.exe
Size

174KB
Sample

241113-fhywhazkdp
MD5

8df6a0d67de286bef456b0356a789a1b
SHA1

85b4c2be7a0757e826b336b5b116cc77f51e1c11
SHA256

62de8e9d8356c9f4ffe699f49b46b87f604c9e705bca06bf589d9d3a615876c8
SHA512

c6473d07ccc5e904ea738ef76a6a95eaa3335813bdedd78b6395f21958db55375a3cdf19e1b4ec235d9cf391f45dede9ef16e11ab49d9bf3b9aea906064714e1
SSDEEP

3072:fdCUlJRbpm8TOaO16JGnBz65/M6If+3Js+3JFkKeTno:fdRl/bpdOoJGnxBt25

Score

10^/10

xworm rat trojan

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

XClient.exe

Resource

win10ltsc2021-20241023-en

xworm rat trojan

windows10-ltsc 2021-x64

5 signatures

1800 seconds

Malware Config

Extracted

Family

xworm

C2

request-rapidly.gl.at.ply.gg:56303

Attributes

Install_directory
%AppData%
install_file
DELETE THIS NOW.exe

Targets

- Target
  
  XClient.exe
- Size
  
  174KB
- MD5
  
  8df6a0d67de286bef456b0356a789a1b
- SHA1
  
  85b4c2be7a0757e826b336b5b116cc77f51e1c11
- SHA256
  
  62de8e9d8356c9f4ffe699f49b46b87f604c9e705bca06bf589d9d3a615876c8
- SHA512
  
  c6473d07ccc5e904ea738ef76a6a95eaa3335813bdedd78b6395f21958db55375a3cdf19e1b4ec235d9cf391f45dede9ef16e11ab49d9bf3b9aea906064714e1
- SSDEEP
  
  3072:fdCUlJRbpm8TOaO16JGnBz65/M6If+3Js+3JFkKeTno:fdRl/bpdOoJGnxBt25
Score

10^/10

xworm rat trojan
- Detect Xworm Payload
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- Xworm family
  xworm
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

© 2018-2024

Terms | Privacy