xworm | 88bb5a5fe3e9eb6dd9e68f8086ac795da6263337058dab762e0a7ecce9eee2e0 | Triage

Submit
Reports

Overview

overview

Static

static

XClient.exe

windows7-x64

Sharing

General

Target

XClient.exe
Size

61KB
Sample

250125-1jy8waspfn
MD5

749532615ba40ead1048a013db63f232
SHA1

3ee0802705c604c701d54610ebc8881b6c5d1722
SHA256

88bb5a5fe3e9eb6dd9e68f8086ac795da6263337058dab762e0a7ecce9eee2e0
SHA512

08a70e10a017b6126c296a68d559ec7b1fadf9c04c372a8dd40a46dc1e876947631b075f6cb4af46da86dc200c615afecd4b5d4187ff59f6848312c0582192e6
SSDEEP

1536:MEt7v9JjRhBL7ZiO7DCWsnkbDMN7w5Ovgj:9tpJdj3ZrD6kbDMm5Ovu

Score

10^/10

xworm persistence rat trojan

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

XClient.exe

Resource

win7-20240903-en

xworm persistence rat trojan

windows7-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

xworm

C2

24.ip.gl.ply.gg:16322

Attributes

Install_directory
%AppData%
install_file
windowscleaner.exe

Targets

- Target
  
  XClient.exe
- Size
  
  61KB
- MD5
  
  749532615ba40ead1048a013db63f232
- SHA1
  
  3ee0802705c604c701d54610ebc8881b6c5d1722
- SHA256
  
  88bb5a5fe3e9eb6dd9e68f8086ac795da6263337058dab762e0a7ecce9eee2e0
- SHA512
  
  08a70e10a017b6126c296a68d559ec7b1fadf9c04c372a8dd40a46dc1e876947631b075f6cb4af46da86dc200c615afecd4b5d4187ff59f6848312c0582192e6
- SSDEEP
  
  1536:MEt7v9JjRhBL7ZiO7DCWsnkbDMN7w5Ovgj:9tpJdj3ZrD6kbDMm5Ovu
Score

10^/10

xworm persistence rat trojan
- Detect Xworm Payload
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- Xworm family
  xworm
- Drops startup file
- Executes dropped EXE
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xwormpersistencerattrojan

© 2018-2025

Terms | Privacy