General

  • Target

    XClient.exe

  • Size

    33KB

  • Sample

    240402-3enyfsgh94

  • MD5

    c18a005d9f99cd107c9d43d7360b3efe

  • SHA1

    c72a3107c8721710f8572ef1398fa83c430c2121

  • SHA256

    001f882d4dfd324003bd4f85323c2588b6126586147056279f0a0bba13490d5b

  • SHA512

    2b42fae4ad246909593100959c9c0d252688db1e2faa6baa17b0ee12f2148fc61f979bad986b207790a86dbbc30791a8a9789122a1911bd8314243b522db34dc

  • SSDEEP

    768:/AKdijXMwX1eJGl8y0UaKt4qNGU/kZl+BcgItlTF592dO9hOSUR69:YjXMwX1eJGl8y0UbTIUsZcB5IHF592dM

Score
10/10

Malware Config

Extracted

Family

xworm

Version

3.1

C2

wrny.ddns.net:186

Mutex

iDIlGGQB37F6ehMw

Attributes
  • install_file

    USB.exe

aes.plain

Targets

    • Target

      XClient.exe

    Score
    10/10
    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.
