General

  • Target: XClient.exe

  • Size: 73KB

  • Sample: 250308-rsxxqsyms4

  • MD5: 09b9adb8a73969977b88cf69ad4b5fe4

  • SHA1: 6267e45323ebffeee2cf59f52b3f12796113dc81

  • SHA256: 28fa1c04ae1ce4ec30392f4aad72ab2369d660cc342d3009aa191ba631570f58

  • SHA512: 425d6999de16c8247e4d8bdb55620a288b071d4ae9defdba01b355c04cedf20110fe8150b4f5e379aac28445bd00b58a5f8106cc1e98ef252dafd09c3d02147f

  • SSDEEP: 1536:FucJ+68zJ3bukiutltZotEZb+38aihGZ762OEK1:8cJmEkiutzZHb0NZfOEK1

Score: 10/10

Malware Config

Extracted

  • Family: xworm

  • C2: agreement-uploaded.gl.at.ply.gg:26791

Attributes

  • Install_directory: %AppData%

  • install_file: svchost.exe

Targets

  • Detect Xworm Payload

  • Xworm

    Xworm is a remote access trojan written in C#.

  • Xworm family

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.
