General

  • Target

    XClient.exe

  • Size

    42KB

  • MD5

    16448c694b409bfd659718650d4c70c9

  • SHA1

    3fbf1099887886b9d1f30c9b16ca429ef8a055ac

  • SHA256

    a753282c9d378947b0eae2a9dff17973a0fdf660f7b5743424cfee3fcad1b7e2

  • SHA512

    c7e3b9baf6dc2f4220879cda204262bdda42eab51b2df75d05743bee6e70fd19fd72ebb9c37a3f8631bb2c8a9eb5ed19b505cb7dc49658ecdb9d04ae51d96671

  • SSDEEP

    768:Tp0g/LkG+Z83h7FFMXfIgUbxOu8LcbrrOeF3t9J+cOChy0LL0h:TOg/Lr+GR7ncIgPRYr1F99JvOCk0Ps

Score
10/10

Malware Config

Extracted

  • Family

    xworm

  • Version

    5.0

  • C2

    testport43-48877.portmap.host:48877

  • Mutex

    Qtp7mUZmfJB1fwyo

Attributes
  • Install_directory

    %AppData%

  • install_file

    Xclient.exe

aes.plain

Signatures

  • Detect Xworm Payload (1 IoC)
  • Xworm family
  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.

Files

  • XClient.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744

