General

  • Target

    XClient.exe

  • Size

    32KB

  • Sample

    250124-hw3gyswlhz

  • MD5

    50ec04534e38d67176441227c05aa05a

  • SHA1

    11d09f5856a6945672b1ea9958564bfb4340afdc

  • SHA256

    a30de15c722fcba44ba069647c3de78dd5d15834ffd9faad60a4569252f495f7

  • SHA512

    b87fc16cdb5b1eab83b28476fe47bb5cd46fcbe6a6d2f8e9c87e24cb2aa71c43f8ed6c069cbe06e020d35fc4fe889f5d9c50a3636f5d278549c5232ff7cb15d4

  • SSDEEP

    384:RlRmhGD91SluSWhnHHxzLmYV3Tm2eaFObpzRApkFTBLTsOZwpGd2v99IkuisNVFn:zRPD9OQhx/BV3Tw42pzVFE9jsOjh5bK

Score
10/10

Malware Config

Extracted

Family

xworm

Version

5.0

C2

45.32.153.7:7000

127.0.0.1:7000

Mutex

gKaTRNX0dSePJPR6

Attributes
  • install_file

    USB.exe

aes.plain

Targets

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

    • Xworm family
