xworm | 66c66882a3bb3fcedd9d452e698c6455d20d63978d14a99c01a4b71976650584 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

XClient.exe

windows10-2004-x64

XClient.exe

windows10-ltsc 2021-x64

Sharing

General

Target

XClient.exe
Size

36KB
Sample

250301-zz7phssvfv
MD5

4a2f8e53282f1d7c1840c48e8a08e039
SHA1

e9482dc0a98d0ca841b7851a47cdc90d9ea5c010
SHA256

66c66882a3bb3fcedd9d452e698c6455d20d63978d14a99c01a4b71976650584
SHA512

1c1ecc21049363bfeec9a78a17f421fb96c7ba6b1827b4e2c45c1fb3a28cd67d4684b4a07b6ea57607b957c3fd0f8f17b43eae805aaa48d8dc5875dd5ba6aacd
SSDEEP

768:IQ2A5Unv1+tybbH3hASLKytbFf9YeOMhK3XP9:B2A5Unv1+oHHxVKylFf9YeOMwP9

Score

10^/10

xworm rat trojan

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

XClient.exe

Resource

win10v2004-20250217-en

xworm rat trojan

windows10-2004-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

XClient.exe

Resource

win10ltsc2021-20250217-en

xworm rat trojan

windows10-ltsc 2021-x64

6 signatures

150 seconds

Malware Config

Extracted

Family

xworm

Version

5.0

C2

127.0.0.1:16847

Mutex

QPcpp6lkPBvFeupO

Attributes

install_file
USB.exe

aes.plain

Targets

- Target
  
  XClient.exe
- Size
  
  36KB
- MD5
  
  4a2f8e53282f1d7c1840c48e8a08e039
- SHA1
  
  e9482dc0a98d0ca841b7851a47cdc90d9ea5c010
- SHA256
  
  66c66882a3bb3fcedd9d452e698c6455d20d63978d14a99c01a4b71976650584
- SHA512
  
  1c1ecc21049363bfeec9a78a17f421fb96c7ba6b1827b4e2c45c1fb3a28cd67d4684b4a07b6ea57607b957c3fd0f8f17b43eae805aaa48d8dc5875dd5ba6aacd
- SSDEEP
  
  768:IQ2A5Unv1+tybbH3hASLKytbFf9YeOMhK3XP9:B2A5Unv1+oHHxVKylFf9YeOMwP9
Score

10^/10

xworm rat trojan
- Detect Xworm Payload
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- Xworm family
  xworm
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

© 2018-2025

Terms | Privacy