General

  • Target

    XClient.exe

  • Size

    40KB

  • MD5

    06198733f0a1927bfc4bee0daf3aee7a

  • SHA1

    01a8df95250f115b2dfc4bb736ad401bc2a2fb7d

  • SHA256

    a60bcab54e22898fd9c150a9a4cc869e40013472ba245f85e7d7f9bb0bdc9ad0

  • SHA512

    208064af795215678ca91db47d4ae852977be09fd83e515200e0ffe44367b1201439f0a5b7ed17a53dce913143b8804c445ee3fa0ad3950576f6c8d75f7cf308

  • SSDEEP

    768:L86Pl+YMscd+YREz5c71CqOxxlFPP9IEWC6ROBho/F4g:nWa5cpZOx/Fn9lWC6ROBC1

Score
10/10

Malware Config

Extracted

Family

xworm

Version

5.0

C2

Graxe239-61522.portmap.host:24764

en-karen.gl.at.ply.gg:24764

Both C2 hosts are tunnel endpoints of public port-forwarding services (portmap.io and playit.gg), so they resolve to those providers' relays rather than to operator-owned infrastructure. Treat the exact hostname:port pairs as the indicators; the provider domains themselves carry legitimate traffic.

Mutex

G8Ry3jqczXDBdHPO

Attributes
  • install_file

    Runtime Broker.exe

  • aes.plain

Signatures

  • Detect Xworm Payload 1 IoCs
  • Xworm family
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.
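The "Unsigned PE" signature above only asks whether the PE carries a certificate table at all. The following is an added example, not part of the sandbox report or of the sample, showing that check as a small Python parser: it walks the DOS and PE headers to the optional header's data directories and reads entry 4 (IMAGE_DIRECTORY_ENTRY_SECURITY). The helper `build_minimal_pe` constructs header-only PE images purely for demonstration; they are not loadable executables, and the function names are this example's own.

```python
import struct
import sys

IMAGE_DIRECTORY_ENTRY_SECURITY = 4  # data-directory index of the Authenticode certificate table


def authenticode_directory(pe: bytes):
    """Return (file_offset, size) of the WIN_CERTIFICATE table, or None if absent.

    A zero-size security directory means no Authenticode signature is attached,
    which is exactly what the 'Unsigned PE' sandbox signature reports.
    Raises ValueError for input that is not a PE file.
    """
    if len(pe) < 0x40 or pe[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4            # 20-byte COFF file header
    opt = coff + 20                # optional header follows it
    size_of_optional = struct.unpack_from("<H", pe, coff + 16)[0]
    magic = struct.unpack_from("<H", pe, opt)[0]
    if magic == 0x10B:             # PE32: directories start at optional header + 96
        dirs = opt + 96
    elif magic == 0x20B:           # PE32+: directories start at optional header + 112
        dirs = opt + 112
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    num_rva = struct.unpack_from("<I", pe, dirs - 4)[0]   # NumberOfRvaAndSizes
    if num_rva <= IMAGE_DIRECTORY_ENTRY_SECURITY:
        return None
    entry = dirs + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY
    if entry + 8 > opt + size_of_optional:
        return None
    # For the security directory the first field is a raw file offset, not an RVA.
    offset, size = struct.unpack_from("<II", pe, entry)
    if size == 0:
        return None
    return offset, size


def is_signed(pe: bytes) -> bool:
    """True if a certificate table is present. Presence is not validity."""
    return authenticode_directory(pe) is not None


def build_minimal_pe(security_size: int, pe32plus: bool = False) -> bytes:
    """Constructed header-only PE used as sample input (assumption: not loadable)."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    opt_size = 240 if pe32plus else 224  # 16 data directories
    coff = struct.pack("<HHIIIHH", 0x8664 if pe32plus else 0x14C,
                       0, 0, 0, 0, opt_size, 0x0102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x20B if pe32plus else 0x10B)
    dirs = 112 if pe32plus else 96
    struct.pack_into("<I", opt, dirs - 4, 16)   # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, dirs + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY,
                     0x2000 if security_size else 0, security_size)
    return dos + b"PE\0\0" + coff + bytes(opt)


if __name__ == "__main__":
    # Usage: python check_authenticode.py <file.exe>
    if len(sys.argv) == 2:
        with open(sys.argv[1], "rb") as fh:
            data = fh.read()
        print("signed" if is_signed(data) else "unsigned (no certificate table)")
    else:
        print("unsigned sample:", is_signed(build_minimal_pe(0)))
        print("signed sample:  ", is_signed(build_minimal_pe(0x500)))
```

A present certificate table only shows that a signature blob is attached; whether it verifies, chains to a trusted root, or was revoked requires full Authenticode verification (for example `Get-AuthenticodeSignature` or `signtool verify`), which this check deliberately does not attempt.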

Files

  • XClient.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744
