General

  • Target

    XClient.exe

  • Size

    63KB

  • Sample

    240401-2vmvnahh89

  • MD5

    93e870b046ca444a02ac0352ec340c24

  • SHA1

    7a1d6f0a3218f7314dc7735381359e0e5e9b7636

  • SHA256

    fb1306e879286135143e822d17e2bf0f2531e5bf2b88f89f97878399a4ade592

  • SHA512

    c7bb8c097974f71dcd73af1aa4a34daeb2a0b2565dfc913e91f3123cf8faa075433b102af2f4fe2af31e5070e53ba636575f2ccce396ab1e9a0e2ed5a0df3138

  • SSDEEP

    1536:XTW+TuDEinvXdzqPUPdSVjQbheQu3PO8jzOT2zg:XFTuDEiFzq0dSVsbhe/G8jzOTr

Score

    10/10

Malware Config (extracted)

  • Family

    xworm

  • C2

    147.185.221.16:40164

  • Attributes

    install_file: USB.exe

Targets

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup web service to determine the infected system's external IP address.
