General

  • Target

    XClient123134.exe

  • Size

    41KB

  • MD5

    7ba8eb6feb7771f336f4bac863d2360f

  • SHA1

    b2cd78d7ce782c28876d8a9c0b955fa0b23d9f69

  • SHA256

    11ec6d16dbc8d49a08d378c536aa4a3871a8e9c8aaab71be1a389cac1c6cf299

  • SHA512

    af3a086916c0684026f4d7e031c59bd82d00394d0c2edb31b68aa6c33c5333eea63bfb3383937b3b37744fbe8419abb9c2230ef0e44c639ae27a6be1035903a6

  • SSDEEP

    768:8wV5gUaKc/YKjOpfJF5PM90vD6MOwhG3Eup:8siUHyYKjsFS92D6MOwE9p

Score
10/10

Malware Config

Extracted

Family

xworm

Version

5.0

C2

if-shuttle.gl.at.ply.gg:21098

Mutex

zfkQuIKdEsz3yxC4

Attributes
  • Install_directory

    %AppData%

  • install_file

    2234.exe

aes.plain

Signatures

  • Detect Xworm Payload 1 IoCs
  • Xworm family
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • XClient123134.exe
    .exe windows:4 windows x86

    f34d5f2d4577ed6d9ceec516c1f5a744

