General
Target: XClient.exe
Size: 58KB
Sample: 240401-ylm8aadg6x
MD5: 55dd94691013783781074deff2441b85
SHA1: 83d01a816a6456f2c90f1062bb34a7a90fe93130
SHA256: b08838a302455125c3cc1084d5c4bc5bfb8bcade1f981ef315a10a60d5100ce9
SHA512: df4f3042ce732fa3f3987fb34836f806e66cd7a2608aab0362050bc4dcc9bbaebc36e3603a497ded2a6f8d9d2177eaccbbdfaacb506fe17f2941d2f818695a4e
SSDEEP: 1536:f/Xl4tC64X1y9b7huCJbxKzlsgvsO62kzG2q:f/Xy409b7gsbxx6sO6hNq
Malware Config
Extracted
xworm
h2cker.ddns.net:194
h2cker.ddns.net:0194
Install_directory: %AppData%
install_file: XClient.exe
Targets
Target: XClient.exe
Detect Xworm Payload
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.