Overview

overview

10

Static

static

10

XClient.exe

windows10-ltsc 2021-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    XClient.exe

  • Size

    32KB

  • Sample

    250303-lqa3astzh1

  • MD5

    aa28999f912f6a5957f8a171e4925920

  • SHA1

    da34ea400975fbfe6190656fb56e718f9da98a3e

  • SHA256

    184fdbf6ea4117252a8f4ec4745ce0e986d481892e6ec089677b8ea811e80894

  • SHA512

    9425f4fc132a6284f26f6bb691afd7cf4cf3f9dadbd50975e234aba3424928ab1f17126152380b8d9093fd14a479460580bdcbfc9c5edc8921e8758b0f56d966

  • SSDEEP

    384:IYxRXcrP31VZBELRUnvJff3cdiwCYRJpkFTBLToOZwxJd2v99IkuiseVFxOjhkbc:4PjgRevJ3cdUYGF/9jTOjhkbc

Score
10/10
xwormrattrojan

Malware Config

Extracted

Family

xworm

Version

5.0

Mutex

4RZ2WAwAMBnKFhpo

Attributes
  • install_file

    USB.exe

  • pastebin_url

    https://pastebin.com/raw/ZfZVy45n

aes.plain

Targets

    • Target

      XClient.exe

    • Size

      32KB

    • MD5

      aa28999f912f6a5957f8a171e4925920

    • SHA1

      da34ea400975fbfe6190656fb56e718f9da98a3e

    • SHA256

      184fdbf6ea4117252a8f4ec4745ce0e986d481892e6ec089677b8ea811e80894

    • SHA512

      9425f4fc132a6284f26f6bb691afd7cf4cf3f9dadbd50975e234aba3424928ab1f17126152380b8d9093fd14a479460580bdcbfc9c5edc8921e8758b0f56d966

    • SSDEEP

      384:IYxRXcrP31VZBELRUnvJff3cdiwCYRJpkFTBLToOZwxJd2v99IkuiseVFxOjhkbc:4PjgRevJ3cdUYGF/9jTOjhkbc

    Score
    10/10
    xwormrattrojan

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

      trojanratxworm

    • Xworm family

      xworm

    • Legitimate hosting services abused for malware hosting/C2

    behavioral1

MITRE ATT&CK Enterprise v15

Tasks