There are no such files in MODX. It is necessary to treat the site and change passwords.

wp-xmlrpc.php is kind of related to Wordpess

Faced such a problem. The site was under Apache. Treated htaccess'om. Unfortunately, the source file has not been preserved. The problem is easily solved if you manage from a fixed IP. The principle of the rule is this:
if this is a POST request
AND it is NOT addressed to typical scripts (such as index.php in the root and there is a receiver for AJAX requests in the public part in some other place)
And if the request is not from the specified IP,
then we redirect it to a stub, in which we write the request parameters to the log, who, where, and with what data.
thus, the attacker will not even enter the admin panel, and about requests for something else is generally useless.
further, while collecting logs for the scripts placed by the attacker, we analyze all the scripts of the site where the following functions are mentioned: mail, eval, fsockopen and its variations, base64_decode, exec and its analogues.
I had this feature: The malicious code was at the beginning of the file in the form of <?php, then a bunch of spaces to hide from the eyes in the editor, then the code ended with ?>, respectively, if it was originally a php file, then after that, <?php of the native file was opened

There was a problem with evolution, before a certain version there was a vulnerability. Here you can see the instructions for fixing it: https://modx.ru/novosti-i-stati/article/289/
If it’s thesis, then you make a backup of files and a database, look for problem files with Aibolit, clean or delete them (according to the situation), update to the latest version of MODX, update all modules.