General

  • Target

    XClient.exe

  • Size

    39KB

  • MD5

    ec2b4606948a0a37cd65832cce81142d

  • SHA1

    b5ee9092b800162777c07e92e4fe86390a356efa

  • SHA256

    98d684515eac6a0301974bb278d9f1a5433110c1e9d414037608120ec6ee2d05

  • SHA512

    9e803e37554ea8a642c443580cd6f8fb9df40f462631d3cd728789831a699a0f028be9ae79111c54c66cd494f0b9f2fd9ce5566b11e8e1ad0327bca5c623bf46

  • SSDEEP

    768:Gu16bvArWN+BpBgVQ/rzHniNvHFQ9+N6POwhlbr7:5+vArE0mS/rLnKFQ9+N6POwDP7

Score
10/10

Malware Config

Extracted

Family

xworm

Version

5.0

C2

45.88.90.198:1500

Mutex

4bNBejuspbTTU5Yt

Attributes
  • Install_directory

    %ProgramData%

  • install_file

    WindowSc.exe

aes.plain

Signatures

  • Detect Xworm Payload (1 IoC)
  • Xworm family
  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.

Files

  • XClient.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744

