General
-
Target
XClient.exe
-
Size
328KB
-
MD5
31efc6f58757a512c299b7fcd99b9b7d
-
SHA1
30c66c951e33d4badbf6f10d02ad739ffc61200d
-
SHA256
4c0eec4d151d1826adfc5ade240e0a9f6de9878f4375612889915aaca6914b23
-
SHA512
ba412c3ad4a81bb788a983bde31ba4c4e013173f70cb82f02a8b25f51e3a17a0894d2bb27cb3bcad5e06cc25c6d068dbbd248a021b99c708a5c9fca6ee764d55
-
SSDEEP
1536:TX2zNSX1IclnrQ4V62scL+bmnK8NLdb0HcACO7ISU4SbqsFGfFuAYCRAutPsAzA8:TX2z8X17lrQuAO+bmrldgWOMhK
Score
10/10
Malware Config
Extracted
Family
xworm
C2
chicago-employed.gl.at.ply.gg:4782
147.185.221.19:4782
<Xwormmm>:3412
Attributes
-
Install_directory
%AppData%
-
install_file
Runtime Broker.exe
Signatures
-
Detect Xworm Payload 1 IoCs
-
Xworm family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Files
-
XClient.exe
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
Imports
Sections