xworm | a2900d39b6a2e97fb155f3f23c1a5bb3938e550e4ff229c2605fd3b87774df99 | Triage

Submit
Reports

Overview

overview

Static

static

XClient.exe

windows10-2004-x64

Sharing

General

Target

XClient.exe
Size

33KB
Sample

241116-hw5bjs1laz
MD5

ccb420658817310b56be54bf6fe01d90
SHA1

561424d7ab148308f127be791ca5a7d3d469d225
SHA256

a2900d39b6a2e97fb155f3f23c1a5bb3938e550e4ff229c2605fd3b87774df99
SHA512

d07beef0079130aefc2c3451aba975cbf9382d91b3fc3eb6355df963153d20c16e78659fde968b3d6317c2eef8b54b1b4595e57b272aeec98e9696a9ba724662
SSDEEP

384:81sbhtLNSexatCJAk7LyjLrKdp6wsj4QfBRMpkFTBLTaOZwEJd2v99Ikuis4lVFY:lHLjAknyjPu89fBRFe9jBOjh3bD

Score

10^/10

xworm discovery rat trojan

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

XClient.exe

Resource

win10v2004-20241007-en

xworm discovery rat trojan

windows10-2004-x64

14 signatures

1800 seconds

Malware Config

Extracted

Family

xworm

Version

5.0

C2

https://pastebin.com/raw/DxYQ14Jj:123

Mutex

7dqqxIFVNg8bnRTQ

Attributes

install_file
USB.exe
pastebin_url
https://pastebin.com/raw/DxYQ14Jj
telegram
https://api.telegram.org/bot6094198209:AAGtbuJi6hBqVBpkxn3UzVsVOtCJjMn1cjE

aes.plain

Targets

- Target
  
  XClient.exe
- Size
  
  33KB
- MD5
  
  ccb420658817310b56be54bf6fe01d90
- SHA1
  
  561424d7ab148308f127be791ca5a7d3d469d225
- SHA256
  
  a2900d39b6a2e97fb155f3f23c1a5bb3938e550e4ff229c2605fd3b87774df99
- SHA512
  
  d07beef0079130aefc2c3451aba975cbf9382d91b3fc3eb6355df963153d20c16e78659fde968b3d6317c2eef8b54b1b4595e57b272aeec98e9696a9ba724662
- SSDEEP
  
  384:81sbhtLNSexatCJAk7LyjLrKdp6wsj4QfBRMpkFTBLTaOZwEJd2v99Ikuis4lVFY:lHLjAknyjPu89fBRFe9jBOjh3bD
Score

10^/10

xworm discovery rat trojan
- Detect Xworm Payload
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- Xworm family
  xworm
- Legitimate hosting services abused for malware hosting/C2
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

xwormdiscoveryrattrojan

© 2018-2025

Terms | Privacy