General

  • Target

    XClient.exe

  • Size

    33KB

  • Sample

    240403-fydkhahd96

  • MD5

    281fcc6fb9a502c1e87522d3993e349b

  • SHA1

    33ce52a36fa24efd60c436b406267c7f43357c7e

  • SHA256

    8d9025f2b8daa99c913c223398ac544fa88cb138327826f3d6734d445f1a51f8

  • SHA512

    f64a459c4ca223a3c150f34f85705551d840d63729cef81eec75444185d319a0b82eae79e39e8850241ce56b72137754f5dde38578808e951b0624827f4572cd

  • SSDEEP

    768:7AKdijXMwX1eJGl8y0UaKt4qNGU/kZl+BcgItlTF592P0O9hsSURK9:kjXMwX1eJGl8y0UbTIUsZcB5IHF592ci

Score
10/10

Malware Config

Extracted

Family

xworm

Version

3.1

C2

wrny.ddns.net:186

Mutex

o0XsqfAhtetfAzzQ

Attributes
  • install_file

    USB.exe

aes.plain

Targets

    • Target

      XClient.exe

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.
