xworm | fc49309c85d3e0d4251f388411e3619dbbe8b3207f4c51b28ed258e63c38ac30 | Triage

Submit
Reports

Overview

overview

Static

static

9V80M_XClient.exe

windows7-x64

9V80M_XClient.exe

windows10-2004-x64

Sharing

General

Target

9V80M_XClient.exe
Size

82KB
Sample

250306-v69p8stxcv
MD5

d1204a713d2783ed15f21d05d36382b3
SHA1

3894a3e7357f1b1fca20f17834dc9ac3a448915b
SHA256

fc49309c85d3e0d4251f388411e3619dbbe8b3207f4c51b28ed258e63c38ac30
SHA512

d5fd18f6f2915e908555891dddf5e373244181ba45ee146f172c638df538551126a026d618779eeeb5785b8f6c40f2cc88446267a8145128b4d3de75c75709b6
SSDEEP

1536:/sGUFLw3NUPi9BbuRi2Hkjq/x6S1Opv7+bkw:/iJw3LBbuRxHk2F1Oh7+Yw

Score

10^/10

xworm rat trojan

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

9V80M_XClient.exe

Resource

win7-20240903-en

xworm rat trojan

windows7-x64

5 signatures

150 seconds

Behavioral task

behavioral2

Sample

9V80M_XClient.exe

Resource

win10v2004-20250217-en

xworm rat trojan

windows10-2004-x64

5 signatures

150 seconds

Malware Config

Extracted

Family

xworm

C2

editor-monitoring.gl.at.ply.gg:35972

Attributes

Install_directory
%ProgramData%
install_file
USB.exe

Targets

- Target
  
  9V80M_XClient.exe
- Size
  
  82KB
- MD5
  
  d1204a713d2783ed15f21d05d36382b3
- SHA1
  
  3894a3e7357f1b1fca20f17834dc9ac3a448915b
- SHA256
  
  fc49309c85d3e0d4251f388411e3619dbbe8b3207f4c51b28ed258e63c38ac30
- SHA512
  
  d5fd18f6f2915e908555891dddf5e373244181ba45ee146f172c638df538551126a026d618779eeeb5785b8f6c40f2cc88446267a8145128b4d3de75c75709b6
- SSDEEP
  
  1536:/sGUFLw3NUPi9BbuRi2Hkjq/x6S1Opv7+bkw:/iJw3LBbuRxHk2F1Oh7+Yw
Score

10^/10

xworm rat trojan
- Detect Xworm Payload
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- Xworm family
  xworm
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

© 2018-2025

Terms | Privacy