General

  • Target

    XClient5.exe

  • Size

    52KB

  • Sample

    240329-axyldscg3y

  • MD5

    1597f62f00a76e7d26b0928be923dc33

  • SHA1

    fe45e282f9b2f684b264a5d1140bdb33b1197359

  • SHA256

    1a6ab77c8eb7c8d28226bef03f9730498929929a19727d03f0cf0f1b4dcc1c02

  • SHA512

    827e91b9dc3463803e6eb2af1349b5b8aae3da473bec160bf20eab9ebab795ba894bbc78b8a90881ed1073cd506ed9bacb83d98fb491ba38a4d62229162e58ff

  • SSDEEP

    1536:5k+bJfOqZsWZSD+kbYiGDD3g9OE8jYU6S:5k+1GasISD+kbL6g9OEgT

Score
10/10

Malware Config

Extracted

Family

xworm

C2

192.168.0.7:1707

Attributes
  • install_file

    USB.exe

Targets

    • Target

      XClient5.exe

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.
