xworm | XClient[.]exe | Triage

Resubmissions

28-04-2024 09:11

240428-k5q7dscd54 10

28-04-2024 09:06

240428-k2ts4sce41 10

Sharing

General

Target

XClient.exe
Size

241KB
MD5

0d1bb5abb00b755f23abc9dd94ac48e5
SHA1

af98320e41cbaa605ac9eb4e6880e548e9ff4fa5
SHA256

763f829f6c81514765bba20dc7cee33b7943a2fd07a4d289b141a4379da1437b
SHA512

a1b589fc638b01684be832a78290747843eb7403e12392909a1c242ece810681e1658a9168b3ae6828f05927e6e06c2f167ebe4cdd7d87f342fecd79ef0168dc
SSDEEP

6144:5Q2yOGXC7BsBb/eFVhOg3UhcX7elbKTua9bfF/H9d9n:5QwGS2ZeFVhX33X3u+

Score

10^/10

xworm

Malware Config

Extracted

Family

xworm

C2

artist-forum.gl.at.ply.gg:38847

Attributes

Install_directory
%AppData%
install_file
XClient.exe

Signatures

Detect Xworm Payload 1 IoCs

Processes:

resource yara_rule

sample family_xworm
Xworm family
xworm
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.

Processes:

resource

XClient.exe

Files

XClient.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 73KB - Virtual size: 73KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 166KB - Virtual size: 166KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ