xworm | 1558720751a4d37a2074f66f8ea7a65b1e3dff9e0c6cc395e6bcbd072fba690a | Triage

Submit
Reports

Overview

overview

Static

static

XClient.exe

windows11-21h2-x64

Sharing

General

Target

XClient.exe
Size

60KB
Sample

240630-zf76yayblr
MD5

107166f06c0965273058e6489798265a
SHA1

d43d853647183243b372248d4d0961d02157857e
SHA256

1558720751a4d37a2074f66f8ea7a65b1e3dff9e0c6cc395e6bcbd072fba690a
SHA512

208f998921ba32e015b046fd767ab682f9a4fce22655ac993b0e60886b6dcd8ed3cb7d710835c576a7233bc56bf116771d8bdda81e7d31d0a98f98eaac57fce2
SSDEEP

768:Wwjm6MDIGIt41FrtzWGDaCZrFcHubobWoYu2m6AzPyOKwJv7h3MSghzA3eny:nMkGuaTBWqrFHbobWofR6C6OKQ7pjuy

Score

10^/10

xworm execution rat trojan

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

XClient.exe

Resource

win11-20240508-en

xworm execution rat trojan

windows11-21h2-x64

7 signatures

150 seconds

Malware Config

Extracted

Family

xworm

Version

3.1

C2

0.tcp.eu.ngrok.io::12233

Attributes

Install_directory
%AppData%
install_file
USB.exe

Targets

- Target
  
  XClient.exe
- Size
  
  60KB
- MD5
  
  107166f06c0965273058e6489798265a
- SHA1
  
  d43d853647183243b372248d4d0961d02157857e
- SHA256
  
  1558720751a4d37a2074f66f8ea7a65b1e3dff9e0c6cc395e6bcbd072fba690a
- SHA512
  
  208f998921ba32e015b046fd767ab682f9a4fce22655ac993b0e60886b6dcd8ed3cb7d710835c576a7233bc56bf116771d8bdda81e7d31d0a98f98eaac57fce2
- SSDEEP
  
  768:Wwjm6MDIGIt41FrtzWGDaCZrFcHubobWoYu2m6AzPyOKwJv7h3MSghzA3eny:nMkGuaTBWqrFHbobWofR6C6OKQ7pjuy
Score

10^/10

xworm execution rat trojan
- Detect Xworm Payload
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

xwormexecutionrattrojan

© 2018-2024

Terms | Privacy