General

  • Target

    XClient111.exe

  • Size

    35KB

  • Sample

    250309-nhbd7szzdv

  • MD5

    1179885330eb5de3f8612cc57097fc1e

  • SHA1

    de3d97a6b415e76abe21c19d519f48c58b66030e

  • SHA256

    c83eaf911cc5438381051f1afcf3311fefb2f869fae17bf3e68cb50f0970f851

  • SHA512

    93c8f83ceb2617d82e71efb09e69775daa18680c7fc5023548c372e74b8b99cd008b7173f2d0ee1e4f7154155dda7485a394c9fa19e132d3c76e99fc5b727c79

  • SSDEEP

    768:RHs7Dzumj2frkBy1TxVP+sVFyw9bgjO/h0y8M:RM7DzumnCSKFr9bgjO/WxM

Malware Config

Extracted

Family

xworm

Version

5.0

C2

any-attraction.gl.at.ply.gg:27770

Mutex

hgwBs8FhWODiPVMb

Attributes

  • Install_directory

    %AppData%

  • install_file

    USB.exe

aes.plain

Targets

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

    • Xworm family

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Drops startup file

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks