General

  • Target

    XClient2.exe

  • Size

    59KB

  • Sample

    240329-aje7wscc9w

  • MD5

    319304104843481d88b323ac4f18ce78

  • SHA1

    2f29db5e8ea16dd3038a77de52796f8ba0b28726

  • SHA256

    ce91d7371de4bde478de57427d3addf6bbc6e7d3a3126df516a90d8a81f76a85

  • SHA512

    b4a2a4437dd5903a3cd1be72ffb7c46a8b3ef31c5a0b43aaf1b9a642fce482d5738884529b5141b579cd58b68f021676a26855cfda16f20b9d7ee126900183ee

  • SSDEEP

    1536:bsHe4tOIEgnLb0kbcfKP4b4devOnOt5O:bs+4tO20kbcfTb2eWnOtk

Score
10/10

Malware Config

Extracted

Family

xworm

C2

94.6.233.124:5004

Attributes
  • install_file

    USB.exe

Targets

    • Target

      XClient2.exe

    Score
    10/10
    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.
