General

  • Target

    XClient.exe

  • Size

    80KB

  • MD5

    3fc932775533f1bcea180de679a902dd

  • SHA1

    3f393d02af4653e34bf5526ec5b6f8d6e4df65e8

  • SHA256

    09a15daeebc228706f36a7659284ef673ea72e7a71700a2f73f4f1409486dd6a

  • SHA512

    f59d35a6fe5517a5b9a1ec9a07899eef9f48745710196f1824cc79823994d6fba7975da457ee06ec6215f56860680dc0c07412268c2b1c725c4c66611a75a764

  • SSDEEP

    1536:3fe5YhhQYfEwl/ZBitLC+b52sT7bNwf7ewd67bzO4uOP:3fefg7nitfbAsTXw7ernO4HP

Score
10/10

Malware Config

Extracted

Family

xworm

C2

phentermine-partial.gl.at.ply.gg:36969

Attributes

  • Install_directory

    %AppData%

  • install_file

    Client.exe

  • telegram

    https://api.telegram.org/bot7080511499:AAGFFOA3S2vvwmEy85SIMhKHrMsAdBoLR2Y

Signatures

  • Detect Xworm Payload 1 IoCs
  • Xworm family
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • XClient.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744
    Headers

    Imports

    Sections