Overview

overview

10

Static

static

10

XClient.exe

windows7-x64

10

XClient.exe

windows10-2004-x64

10

Resubmissions

04/03/2025, 20:13

250304-yzpy2azm13 10

Analysis

  • max time kernel
    145s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20241023-en
  • resource tags

    arch:x64arch:x86image:win7-20241023-enlocale:en-usos:windows7-x64system
  • submitted
    04/03/2025, 20:13

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    XClient.exe

  • Size

    36KB

  • MD5

    06b61e40514ee41f4d669f67aba2ae4e

  • SHA1

    b91b485f0e20bcad47ed547dc09dd1099ea2a1e7

  • SHA256

    7da1826ec06ee54802049e6acaae47634cc23c0694bc231d10aa0a940fc3f917

  • SHA512

    60490048e6332f036827727073206705aecf8995f609213707cab5292480ede3589ff5adb57bd09d230a7761d5cd224906b5ead6b1b7c3dcfe06cf92348e7957

  • SSDEEP

    768:fQ2A5Unv1+tybbH3hASLKytbFf9YSOMhi3XPa:Y2A5Unv1+oHHxVKylFf9YSOMAPa

Score
10/10
xwormrattrojan

Malware Config

Extracted

Family

xworm

Version

5.0

C2

127.0.0.1:7000

Mutex

SfdmUa0k53L7CGBH

Attributes
  • install_file

    USB.exe

aes.plain

Signatures

  • Detect Xworm Payload 1 IoCs
  • Xworm

    Xworm is a remote access trojan written in C#.

    trojanratxworm
  • Xworm family
    xworm
  • Suspicious behavior: EnumeratesProcesses 13 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\XClient.exe
    "C:\Users\Admin\AppData\Local\Temp\XClient.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    PID:2628
  • C:\Windows\explorer.exe
    "C:\Windows\explorer.exe"
    1⤵
      PID:1752
    • C:\Windows\explorer.exe
      "C:\Windows\explorer.exe"
      1⤵
        PID:584

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/2628-0-0x000007FEF55E3000-0x000007FEF55E4000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2628-1-0x0000000000E20000-0x0000000000E30000-memory.dmp

        Filesize

        64KB

        Download

      • memory/2628-2-0x000007FEF55E0000-0x000007FEF5FCC000-memory.dmp

        Filesize

        9.9MB

        Download

      • memory/2628-3-0x000007FEF55E3000-0x000007FEF55E4000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2628-5-0x000007FEF55E0000-0x000007FEF5FCC000-memory.dmp

        Filesize

        9.9MB

        Download