Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

XClient.exe

windows7-x64

10

XClient.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    XClient.exe

  • Size

    62KB

  • Sample

    250309-m8herszyfv

  • MD5

    74fed5d53ce9830358c9b91e87852c7e

  • SHA1

    2aad8a3d584aa70a6495acbc3920819d02cebcd8

  • SHA256

    5848acc796216ebc5ba00b49e5d45ffe52e67533a34727c01919f101222475eb

  • SHA512

    82c739061d6ddbe05e76d1ccf873fe7de502ee28de097b0eeb8a82bbcea758f44526badd9fa0dd959e8df4691210e7f91c69393247407fe978f09b3454a3418e

  • SSDEEP

    1536:bMWH+HMX915KpdPAQXZ+bpLFuxhB62uAkO5kQYjj9:bx9LQXZ+bpLsn62fkOlYf9

Score
10/10
xwormrattrojan

Malware Config

Extracted

Family

xworm

C2

127.0.0.1:2277

192.168.1.62:2277

80.46.100.166:2277
Attributes
  • Install_directory

    %AppData%

  • install_file

    Venom Rat.exe

Targets

    • Target

      XClient.exe

    • Size

      62KB

    • MD5

      74fed5d53ce9830358c9b91e87852c7e

    • SHA1

      2aad8a3d584aa70a6495acbc3920819d02cebcd8

    • SHA256

      5848acc796216ebc5ba00b49e5d45ffe52e67533a34727c01919f101222475eb

    • SHA512

      82c739061d6ddbe05e76d1ccf873fe7de502ee28de097b0eeb8a82bbcea758f44526badd9fa0dd959e8df4691210e7f91c69393247407fe978f09b3454a3418e

    • SSDEEP

      1536:bMWH+HMX915KpdPAQXZ+bpLFuxhB62uAkO5kQYjj9:bx9LQXZ+bpLsn62fkOlYf9

    Score
    10/10
    xwormrattrojan

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

      trojanratxworm

    • Xworm family

      xworm

    • Drops startup file

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks