General
-
Target
XClient.exe
-
Size
33KB
-
MD5
ac52ca030b8097bcee26a65405d9fcc9
-
SHA1
9ba28289ebd835920bf39bf35f9150403c074474
-
SHA256
af94ac0f45e1cbc8511c0bb5f1df603772ebf6d33cb746f1009f449fff822e6b
-
SHA512
c706b3afe65727d9c1337c9f02c778eed54e168dbcf44240b6ecf716d6c3d32b5fb85f0f6c0bc203955c1c5b2e721df316d4b54557952426a74d63ba1bff6c5a
-
SSDEEP
384:pE8PQ9Ba+vNuntf98d6ILj7CM42pfL3iB7OxVqWFiRApkFXBLTsOZwpGN2v99IkU:hUa+vNohsXn42JiB70SVF49j4OjhjbQ
Score
10/10
Malware Config
Extracted
Family
xworm
Version
5.0
C2
0.tcp.ngrok.io:19126
Mutex
s9ndcqp5bnAG7pid
Attributes
-
install_file
USB.exe
aes.plain
Signatures
-
Detect Xworm Payload 1 IoCs
-
Xworm family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Files
-
XClient.exe
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
Imports
Sections