General

  • Target

    XClient.exe

  • Size

    32KB

  • MD5

    0db163af043f3323d24ddbb11d16f483

  • SHA1

    0b7460397237917dc2be89248cbbbdd4926a3a4c

  • SHA256

    e50ee8bf64e696952151afec2597efab4a4a735faddaa233ebb81d7f42fd2132

  • SHA512

    9372060240ed0b413d1af3f427eef3808a8d007c2b6c06fea4495ed823684b98c6951e5784da93f22aac8a7047793d1efa2b3206e7f22daf663a32c66f340f80

  • SSDEEP

    768:KIXGQmlJ6lcGoxVJt76NHRVFr9j+Ojhvbf:9GQ1GB97QHDFr9j+Oj9z

Score
10/10

Malware Config

Extracted

Family

xworm

Version

5.0

C2

127.0.0.1:5555

tcp://0.tcp.sa.ngrok.io:5555

0.tcp.sa.ngrok.io:5555

Mutex

6RKSyVCAbeC5nDiA

Attributes
  • install_file

    USB.exe

aes.plain

Signatures

  • Detect Xworm Payload 1 IoCs
  • Xworm family
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • XClient.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744

