xworm | 935255132546b85bd86ebe97e8a5bf7576a82e7bf69d994a345ed44977321e40 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

XClient.exe

windows7-x64

XClient.exe

windows10-2004-x64

Sharing

General

Target

XClient.exe
Size

38KB
Sample

250310-qdf51awtc1
MD5

15d6de7cc2b9778bb454af90afe8bc34
SHA1

0fe4a912d4a77bbb3c4babb7b127f08d1b45458b
SHA256

935255132546b85bd86ebe97e8a5bf7576a82e7bf69d994a345ed44977321e40
SHA512

44352e09ebedf270ae8af9bcb67732cad68e28e495bb15e7c1a176708ea262203e01fe042165db13c745247125eeaf17809803d2f2e807d734df10a41edfaff1
SSDEEP

768:dVs8G/39vvxdnPNCx/BN7FWP99WIOMhAjIkN:dSBFpBNCx3FK9WIOMul

Score

10^/10

xworm rat trojan

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

XClient.exe

Resource

win7-20240903-en

xworm rat trojan

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

XClient.exe

Resource

win10v2004-20250217-en

xworm rat trojan

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Extracted

Family

xworm

Version

5.0

C2

percent-wing.gl.at.ply.gg:20092

Mutex

qm2PdEKQDUikOFCl

Attributes

Install_directory
%AppData%
install_file
XClient.exe

aes.plain

Targets

- Target
  
  XClient.exe
- Size
  
  38KB
- MD5
  
  15d6de7cc2b9778bb454af90afe8bc34
- SHA1
  
  0fe4a912d4a77bbb3c4babb7b127f08d1b45458b
- SHA256
  
  935255132546b85bd86ebe97e8a5bf7576a82e7bf69d994a345ed44977321e40
- SHA512
  
  44352e09ebedf270ae8af9bcb67732cad68e28e495bb15e7c1a176708ea262203e01fe042165db13c745247125eeaf17809803d2f2e807d734df10a41edfaff1
- SSDEEP
  
  768:dVs8G/39vvxdnPNCx/BN7FWP99WIOMhAjIkN:dSBFpBNCx3FK9WIOMul
Score

10^/10

xworm rat trojan
- Detect Xworm Payload
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- Xworm family
  xworm
- Drops startup file
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2025

Terms | Privacy