xworm | 7b220c233f5727a936a41e52bd0d300c64c4e745722dc929b1efd0028987d830 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

XClient.exe

windows7-x64

XClient.exe

windows10-2004-x64

Sharing

General

Target

XClient.exe
Size

36KB
Sample

250301-zq62ma11hw
MD5

1d99c7f6a79f55c428dc8993e0c9fd9b
SHA1

6f37bf47c552bf76797a8c403b1e498b31c4abac
SHA256

7b220c233f5727a936a41e52bd0d300c64c4e745722dc929b1efd0028987d830
SHA512

a2e3f6e61b3d1cfb995065f69ef60bb6a45b1122d0c5d4de5a867636b54a35a7e413efc2089f7af2d904c223f83d5ce2524062779c837bb13326d50bb944e4e0
SSDEEP

768:RQ2A5Unv1+tybbH3hASLKytbFf9YpOMhO3XPX:+2A5Unv1+oHHxVKylFf9YpOMgPX

Score

10^/10

xworm rat trojan

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

XClient.exe

Resource

win7-20240903-en

xworm rat trojan

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

XClient.exe

Resource

win10v2004-20250217-en

xworm rat trojan

windows10-2004-x64

6 signatures

150 seconds

Malware Config

Extracted

Family

xworm

Version

5.0

C2

127.0.0.1:16847

Mutex

r501EZ3pHhRqNNm0

Attributes

install_file
USB.exe

aes.plain

Targets

- Target
  
  XClient.exe
- Size
  
  36KB
- MD5
  
  1d99c7f6a79f55c428dc8993e0c9fd9b
- SHA1
  
  6f37bf47c552bf76797a8c403b1e498b31c4abac
- SHA256
  
  7b220c233f5727a936a41e52bd0d300c64c4e745722dc929b1efd0028987d830
- SHA512
  
  a2e3f6e61b3d1cfb995065f69ef60bb6a45b1122d0c5d4de5a867636b54a35a7e413efc2089f7af2d904c223f83d5ce2524062779c837bb13326d50bb944e4e0
- SSDEEP
  
  768:RQ2A5Unv1+tybbH3hASLKytbFf9YpOMhO3XPX:+2A5Unv1+oHHxVKylFf9YpOMgPX
Score

10^/10

xworm rat trojan
- Detect Xworm Payload
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- Xworm family
  xworm
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

© 2018-2025

Terms | Privacy