xworm | XClient[.]exe | Triage

Sharing

General

Target

XClient.exe
Size

65KB
MD5

b53c880188ebed0698b50a4516d3c9c5
SHA1

217e22535dfba10cbc4573d3d396045214492fa0
SHA256

4775152a27ffc3f4ccf1242f4929d49138f9e56018c1d6a6e40106232bdb51c1
SHA512

df04fc0ee9ffe118c7fbe0f48cecf46d616d823291ffde9c3d6b6bd2da3bf4270c78f8a9896d99752237e603211c103fb2d8292733e3d610f836b02a50967f20
SSDEEP

1536:NBAEHMUq8q9/qVsF7b6SuHTvXRB6xOC3Qn22/:7AEy9/KsF7b6LzEOCU/

Score

10^/10

xworm

Malware Config

Extracted

Family

xworm

C2

engine-romania.gl.at.ply.gg:37581

Attributes

Install_directory
%AppData%
install_file
discord.exe

Signatures

Detect Xworm Payload 1 IoCs

resource	yara_rule
sample	family_xworm

Xworm family
xworm

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
XClient.exe

Files

XClient.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 62KB - Virtual size: 62KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ