General

  • Target

    XClient.exe

  • Size

    76KB

  • Sample

    230712-tha2bsea27

  • MD5

    817f42d8de8cd4cd2da0e73ee54f6859

  • SHA1

    9d0d6c5847e3ea4466c2643d2ba050c1a324bb60

  • SHA256

    f5cc916c298cdad402427df767dcf55df9741c01953cbf2f8624435eb6023020

  • SHA512

    8ec52615385e9456b9d14e75b3aa212dc0e0450b4a6c84a289ac4a38774d5b995e456517d23ff007dfdc0274cc67765b54e078a1f2b564a68506589e196450d5

  • SSDEEP

    1536:Axvn23gQksEo6Dsp3LIBJ+Wy8fWUz6FhbyhriG6w7FbLQhOWioQq+j:cI8WMyw+MEhbyRF7FwOWioEj

Score
7/10

Malware Config

Targets

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofencing check.

    • Drops startup file

    • Executes dropped EXE

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v6

Tasks