General

  • Target

    XClient.exe

  • Size

    33KB

  • MD5

    6a0dd7035dd8b214bc0e89abac86965b

  • SHA1

    bc37b9bd002d6e10e7922992d6c5cdd636f9820e

  • SHA256

    10893249600c494365edddc0bcca1b6bf5012f777cb375cd529972a0f94e9fa7

  • SHA512

    713a8515ed9f1ab509317593ac7b0b793af62b78a8d744bc532332d07f735b017e260872a1d0b77af14a1f753bd15c121d52a6a09f293f0e322f6313aec28216

  • SSDEEP

    768:3dKk9oVQUzoxVJt76NHRVFr9jcaIOjhBbS:NKD/y97QHDFr9jOOjve

Score
10/10

Malware Config

Extracted

Family

xworm

Version

5.0

C2


Mutex

LbSpssCFgm7ibxmv

Attributes
  • install_file

    USB.exe

aes.plain

Signatures

  • Detect Xworm Payload 1 IoCs
  • Xworm family
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • XClient.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744

