General

  • Target

    XClient.exe

  • Size

    38KB

  • MD5

    3dfaf9021e36a5f7bfd4eb9d95b7a688

  • SHA1

    6b2d966e7668bb8b5d0e6250ba02cd7845b638eb

  • SHA256

    96483a36ba13f2e77d4747ec7990c47befb46eacd1eafd90f936cec6f8c3a815

  • SHA512

    77154d58939c9cedd6174d65f13bf30dd5bcfde5d96cbfff4ef48faa6cbbca0c5fae83af192dad9235abf85cb4f15b08e9b6e6b9195f74bbc4e985e5136f759e

  • SSDEEP

    768:LPDWCCqClY9UiX/iBrEvG3GXFyc9Bj0N6OO/h4DEnlG:LPDWPleUgiBr7IF39x0N6OO/RlG

Score
10/10

Malware Config

Extracted

Family

xworm

Version

5.0

C2

16.ip.gl.ply.gg:52773

Mutex

Ae2WBMJUlunIj60j

Attributes
  • Install_directory

    %AppData%

  • install_file

    Gays.exe

aes.plain

Signatures

  • Detect Xworm Payload (1 IoC)
  • Xworm family
  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.

Files

  • XClient.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744

