xworm | b3acf5f63e7aa153c28cca570d39965f66f6bcba03bc594dfb83cb69dcbc68ff | Triage

Submit
Reports

Overview

overview

Static

static

XClient.exe

windows7-x64

XClient.exe

windows10-2004-x64

Sharing

General

Target

XClient.exe
Size

86KB
Sample

250308-babc1sztc1
MD5

ecd39a9cdbff302ee10807f3b3afab35
SHA1

4500f59abb7cd3b2de0336cbfc141377508b2d99
SHA256

b3acf5f63e7aa153c28cca570d39965f66f6bcba03bc594dfb83cb69dcbc68ff
SHA512

2f27674eb3fabfc95fbdefb080d027112991822f9176c83745e7f32d59cebd12707010550bf6ee59e224bf38a1227b075baf6d44fe338cc37f0a2d28bfbde953
SSDEEP

1536:0pmP+ATwviuoRnvBo/3tbuYaeQrcdgUB6h2hOzkl9dS1EAd8IIR:N5wvPodC/9buYa5c6p2hOzqgEA6IIR

Score

10^/10

xworm rat trojan

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

XClient.exe

Resource

win7-20240903-en

xworm rat trojan

windows7-x64

5 signatures

150 seconds

Behavioral task

behavioral2

Sample

XClient.exe

Resource

win10v2004-20250217-en

xworm rat trojan

windows10-2004-x64

5 signatures

150 seconds

Malware Config

Extracted

Family

xworm

C2

customer-performances.gl.at.ply.gg:47775

Attributes

Install_directory
%AppData%
install_file
XClient.exe

Targets

- Target
  
  XClient.exe
- Size
  
  86KB
- MD5
  
  ecd39a9cdbff302ee10807f3b3afab35
- SHA1
  
  4500f59abb7cd3b2de0336cbfc141377508b2d99
- SHA256
  
  b3acf5f63e7aa153c28cca570d39965f66f6bcba03bc594dfb83cb69dcbc68ff
- SHA512
  
  2f27674eb3fabfc95fbdefb080d027112991822f9176c83745e7f32d59cebd12707010550bf6ee59e224bf38a1227b075baf6d44fe338cc37f0a2d28bfbde953
- SSDEEP
  
  1536:0pmP+ATwviuoRnvBo/3tbuYaeQrcdgUB6h2hOzkl9dS1EAd8IIR:N5wvPodC/9buYa5c6p2hOzqgEA6IIR
Score

10^/10

xworm rat trojan
- Detect Xworm Payload
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- Xworm family
  xworm
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

© 2018-2025

Terms | Privacy