General

  • Target

    XClient.exe

  • Size

    139KB

  • MD5

    1b7fbb6181468265d620acec2df45cb4

  • SHA1

    8b05e8a207e9d66b31d25bde0da7188e9f576570

  • SHA256

    08e4bb8663a172998b49a51329126ed1b9062cc281ee6bccc52d97f30ff9f72e

  • SHA512

    9c183e220a316e2d6e61189c6f7edee8a855f4c8480192e5b999d47907c30c8729d6814e57f14046fd5991bb8d43932a4d7d3e4646ecaedab16c59522d945b02

  • SSDEEP

    1536:jtdqysZHm2texipgE1MbeAFOFUa6+UOdeDuLHKzV:LsHnuipKbeJLUOde6uV

Score
10/10

Malware Config

Extracted

  • Family

    xworm

  • Version

    5.0

  • C2

    remcon.ddns.net:8456
    5.tcp.eu.ngrok.io:8456
    147.185.221.17:8456
    february-wages.gl.at.ply.gg:8456
    remcon.ddns.net:08456
    5.tcp.eu.ngrok.io:08456
    147.185.221.17:08456
    february-wages.gl.at.ply.gg:08456

Attributes

  • Install_directory

    %AppData%

  • install_file

    Dlscord.exe

  • telegram

    https://api.telegram.org/bot6848470626:AAHoDIZqXorMkSbVro82UUQ5bf4dsmVIYyc/sendMessage?chat_id=6274985126

Signatures

  • Detect Xworm Payload (1 IoC)
  • Xworm family
  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.

Files

  • XClient.exe

    Tags: .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744
