General

  • Target

    XClient.exe

  • Size

    74KB

  • Sample

    231011-w6t58afh85

  • MD5

    8f2113466ac9aec9bce735763ef25b3a

  • SHA1

    1344dc904a3fa016c737e36ec61bfe61f4b124de

  • SHA256

    e84f49f7e7be718e3c684d79227e7756da4a1492301424cfe59d0f54a96c761f

  • SHA512

    d043e8e28e233dcec91858c420c8ec016df3d25ec099692fb91779e6f739c9c567a3969b3c781b1d190d0ff11ea15c1b5bda1ced0c6394b18cc24aac50b42d26

  • SSDEEP

    1536:FZBfqeHBTvyYHKCgwU4+bQrs49evC62Q4OSBfPBlM:JqehvNqCgh4+bQRw0OSPy

Score
7/10

Malware Config

Targets

    • Target

      XClient.exe

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks