General

  • Target

    XClient.exe

  • Size

    58KB

  • Sample

    240401-ylm8aadg6x

  • MD5

    55dd94691013783781074deff2441b85

  • SHA1

    83d01a816a6456f2c90f1062bb34a7a90fe93130

  • SHA256

    b08838a302455125c3cc1084d5c4bc5bfb8bcade1f981ef315a10a60d5100ce9

  • SHA512

    df4f3042ce732fa3f3987fb34836f806e66cd7a2608aab0362050bc4dcc9bbaebc36e3603a497ded2a6f8d9d2177eaccbbdfaacb506fe17f2941d2f818695a4e

  • SSDEEP

    1536:f/Xl4tC64X1y9b7huCJbxKzlsgvsO62kzG2q:f/Xy409b7gsbxx6sO6hNq

Score
10/10

Malware Config

Extracted

Family

xworm

C2

h2cker.ddns.net:194

h2cker.ddns.net:0194

Attributes
  • Install_directory

    %AppData%

  • install_file

    XClient.exe

Targets

    • Target

      XClient.exe

    • Size

      58KB

    • MD5

      55dd94691013783781074deff2441b85

    • SHA1

      83d01a816a6456f2c90f1062bb34a7a90fe93130

    • SHA256

      b08838a302455125c3cc1084d5c4bc5bfb8bcade1f981ef315a10a60d5100ce9

    • SHA512

      df4f3042ce732fa3f3987fb34836f806e66cd7a2608aab0362050bc4dcc9bbaebc36e3603a497ded2a6f8d9d2177eaccbbdfaacb506fe17f2941d2f818695a4e

    • SSDEEP

      1536:f/Xl4tC64X1y9b7huCJbxKzlsgvsO62kzG2q:f/Xy409b7gsbxx6sO6hNq

    Score
    10/10
    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Matrix

Tasks