Overview

overview

10

Static

static

10

XClient.exe

windows10-ltsc 2021-x64

10

XClient.exe

windows11-21h2-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    XClient.exe

  • Size

    33KB

  • Sample

    250119-ld2pgsslgs

  • MD5

    9548ab8c25f4d68ee82f30614b894610

  • SHA1

    3cd430018f06d22887175307e2d14e4796d86222

  • SHA256

    2462f6663eed6000fe8db91857170246530df7ce156ced422c73b3f1000f3ec9

  • SHA512

    635eb77d7586411539f11b41135392c3ab096617f50f4b652226d073624b8d1f684c0a01203334ee2f9e5929a365a33d404f4e1f4c79752ec8736f3635f0d8ba

  • SSDEEP

    384:Tl0UMD9SszMJ11DcS/i8L7zZ3ZFsLcvSAOo6PRApkFTBLTsOZwpGN2v99IkuisoH:JoD9vQB3Z3HJvlOPVF89jsOjhCbg

Score
10/10
xwormrattrojan

Malware Config

Extracted

Family

xworm

Version

5.0

C2

7.tcp.eu.ngrok.io:11135

Mutex

Y5ZJT9tdrWfHkA4C

Attributes
  • install_file

    USB.exe

aes.plain

Targets

    • Target

      XClient.exe

    • Size

      33KB

    • MD5

      9548ab8c25f4d68ee82f30614b894610

    • SHA1

      3cd430018f06d22887175307e2d14e4796d86222

    • SHA256

      2462f6663eed6000fe8db91857170246530df7ce156ced422c73b3f1000f3ec9

    • SHA512

      635eb77d7586411539f11b41135392c3ab096617f50f4b652226d073624b8d1f684c0a01203334ee2f9e5929a365a33d404f4e1f4c79752ec8736f3635f0d8ba

    • SSDEEP

      384:Tl0UMD9SszMJ11DcS/i8L7zZ3ZFsLcvSAOo6PRApkFTBLTsOZwpGN2v99IkuisoH:JoD9vQB3Z3HJvlOPVF89jsOjhCbg

    Score
    10/10
    xwormrattrojan

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

      trojanratxworm

    • Xworm family

      xworm

    • Legitimate hosting services abused for malware hosting/C2

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks