General
-
Target
XClient.exe
-
Size
42KB
-
MD5
f7baf33d58b074745f9d2c783bb26c28
-
SHA1
3000379afd2c2bc000812b869d8c92efe15f1a0a
-
SHA256
2ac1077ae8c7aba8679e65bbc1b16b55e58817473e1d5a6f178ca9cbc8c7c507
-
SHA512
52b626c91da0ee763d8a3f7cca624dbf5d4dacc62b79ce74ba5c0c44efa2d522fc3bb1de811741da574e3d05dcd33effcfd26a1358d2da58a66a264f97697b79
-
SSDEEP
768:1V4xSuhkjiBjjCdETO2jzvEjZFEPo9wNOuh9k2NVYC:749KKTbaFf9wNOukY9
Score
10/10
Malware Config
Extracted
Family
xworm
Version
3.1
C2
6.tcp.eu.ngrok.io:10800
Mutex
LV2hImPcJDM1Jrt1
Attributes
-
Install_directory
%AppData%
-
install_file
USB.exe
aes.plain
Signatures
-
Detect Xworm Payload 1 IoCs
-
Xworm family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Files
-
XClient.exe
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
Imports
Sections