General

  • Target

    XClient.exe

  • Size

    31KB

  • MD5

    69fbe1af13a7cc2a031b4dfda51cf7db

  • SHA1

    e689063e9e408db950ca373e626e0a7a80621369

  • SHA256

    f495df6d2b79c9d80c271865d6c638b49614c050d5e8d1441f6b5bb60de987a0

  • SHA512

    9c552d8705b90d6978606097d5811f5dec5df52eaa19fc2a58e21b1239c0e8bc552ab497b249bf94a9bfc6f53b55bd90005fc2c61f2b45b47896d4432ad31516

  • SSDEEP

    384:gWrVqCDweO/ace/VgFpLJPXwDs2ETIiqqR+gtFqBLTiZw/WNCvK9IkVusxOjhv/i:ozT5gePqqZFr9RBOjhv/7vm

Score
10/10

Malware Config

Extracted

Family

xworm

Version

3.1

C2

6.tcp.eu.ngrok.io:15377

Mutex

7AVgTddDbNeHWLO8

Attributes
  • install_file

    USB.exe

aes.plain

Signatures

  • Detect Xworm Payload (1 IoC)
  • Xworm family
  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.

Files

  • XClient.exe
    .exe windows x86

    f34d5f2d4577ed6d9ceec516c1f5a744

