General

  • Target

    XClient2.exe

  • Size

    33KB

  • Sample

    250520-1ptkksxnz8

  • MD5

    a15541867e29db90e388b8e3f64210ab

  • SHA1

    ff705442e7047a1f8b984dabba3389fb29a774f2

  • SHA256

    5af52c3ffabb33cb0cfb8d0a501267dc5102d46e840aa15c7316b07ec08da258

  • SHA512

    48667fe745863a6cbed8f6b2da1c74b443a3ceec0eb9869cfa4e598f458b17cc0f840a5f38cc6cb823cb3cc752091730b55d3ddc27ed6d5abf8ef32591e4f805

  • SSDEEP

    384:9B9DoGfK6VkuLNUaN6sd6+fpehz5JpkFy7BLThOZwxJmTv99IkcisfH6xOjhDI0G:5DlfKZKNUaJRp8eFy29FROjhE0jy

Score: 10/10

Malware Config

Extracted

Family

xworm

Version

5.0

Mutex

zvPgopnwRBeLqFpF

Attributes
  • install_file

    USB.exe

  • pastebin_url

    https://pastebin.com/raw/8b1GW10U

aes.plain

Targets

    • Target

      XClient2.exe

    • Size

      33KB

    • MD5

      a15541867e29db90e388b8e3f64210ab

    • SHA1

      ff705442e7047a1f8b984dabba3389fb29a774f2

    • SHA256

      5af52c3ffabb33cb0cfb8d0a501267dc5102d46e840aa15c7316b07ec08da258

    • SHA512

      48667fe745863a6cbed8f6b2da1c74b443a3ceec0eb9869cfa4e598f458b17cc0f840a5f38cc6cb823cb3cc752091730b55d3ddc27ed6d5abf8ef32591e4f805

    • SSDEEP

      384:9B9DoGfK6VkuLNUaN6sd6+fpehz5JpkFy7BLThOZwxJmTv99IkcisfH6xOjhDI0G:5DlfKZKNUaJRp8eFy29FROjhE0jy

    Score: 10/10
    • Contains code to disable Windows Defender

      A .NET executable tasked with disabling Windows Defender capabilities such as real-time monitoring, block at first sight, etc.

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

    • Xworm family

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v16

Tasks