Overview

overview

10

Static

static

10

XClient.exe

windows7-x64

10

XClient.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    XClient.exe

  • Size

    33KB

  • Sample

    241122-v9h2pavmgz

  • MD5

    edd87a78e02a4c11c82bb8ccce9815d6

  • SHA1

    a5c6753e71e4d4ad83325c60ec88780471297272

  • SHA256

    da98f8de94a1f21adebde64bd45a11921fedeaec036035c46b80621b619f017b

  • SHA512

    3bbdafa95291ac1df2fb4545f9f3818c1a5b817a4d6f3dde182a3996e71d2fd118df1447ddaf855c4432b8bdda454ae0aa26a31c4333785f87b744f34492a4cd

  • SSDEEP

    768:S1M4swsuaI9VSLVHJOVW5NmLU6eKch1W9FW9Y5qRLOjh2bW:SykZaI9VSOVW5YMKchOFW9Y58LOj0C

Score
10/10
xwormpersistencerattrojan

Malware Config

Extracted

Family

xworm

Version

5.0

C2

192.168.68.139:2068

tell-outcome.gl.at.ply.gg:2068
Mutex

SXJOPv2u5QpF0aEa

Attributes
  • Install_directory

    %AppData%

  • install_file

    FileExplorer.exe

aes.plain

Targets

    • Target

      XClient.exe

    • Size

      33KB

    • MD5

      edd87a78e02a4c11c82bb8ccce9815d6

    • SHA1

      a5c6753e71e4d4ad83325c60ec88780471297272

    • SHA256

      da98f8de94a1f21adebde64bd45a11921fedeaec036035c46b80621b619f017b

    • SHA512

      3bbdafa95291ac1df2fb4545f9f3818c1a5b817a4d6f3dde182a3996e71d2fd118df1447ddaf855c4432b8bdda454ae0aa26a31c4333785f87b744f34492a4cd

    • SSDEEP

      768:S1M4swsuaI9VSLVHJOVW5NmLU6eKch1W9FW9Y5qRLOjh2bW:SykZaI9VSOVW5YMKchOFW9Y58LOj0C

    Score
    10/10
    xwormpersistencerattrojan

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

      trojanratxworm

    • Xworm family

      xworm

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks