General
Target: XClient.exe
Size: 63KB
Sample: 240401-2vmvnahh89
MD5: 93e870b046ca444a02ac0352ec340c24
SHA1: 7a1d6f0a3218f7314dc7735381359e0e5e9b7636
SHA256: fb1306e879286135143e822d17e2bf0f2531e5bf2b88f89f97878399a4ade592
SHA512: c7bb8c097974f71dcd73af1aa4a34daeb2a0b2565dfc913e91f3123cf8faa075433b102af2f4fe2af31e5070e53ba636575f2ccce396ab1e9a0e2ed5a0df3138
SSDEEP: 1536:XTW+TuDEinvXdzqPUPdSVjQbheQu3PO8jzOT2zg:XFTuDEiFzq0dSVsbhe/G8jzOTr
Behavioral task: behavioral1
Sample: XClient.exe
Resource: win7-20240221-en
Malware Config
Extracted
xworm
147.185.221.16:40164
install_file: USB.exe
Targets
Target: XClient.exe
Detect Xworm Payload
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.