General

  • Target

    XClient.exe

  • Size

    69KB

  • Sample

    250309-ng5lnazzds

  • MD5

    ea43e00e8907e2e126c8dc9f82fa3d44

  • SHA1

    4fd15d64f2da0f5dfc764758c7ebe076b2c3efbf

  • SHA256

    61a04aadfde0690f4b2aee1f635af177aeb0eef4f9931fcbadf7c768b613cef9

  • SHA512

    1e7f72116552412386c14838293b0a1a0304681bdc4d9ea11e9364301056850ab5fe1c1de5149153694d80118c24947652a41d59dcf7862261c802cfd56d4037

  • SSDEEP

    1536:nX9ZBtG0aX3aFJqp4h/wq7abZ6ZqgTvI9Az4BWBrwOwsNCh:n+X6FJqcxebUQP9k45OwsNM

Score
10/10

Malware Config

Extracted

Family

xworm

C2

any-attraction.gl.at.ply.gg:27770

Attributes
  • Install_directory

    %AppData%

  • install_file

    USB.exe

Targets

    • Target

      XClient.exe

    Score
    10/10
    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

    • Xworm family

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
